DSA-2022-187: Dell Technologies PowerProtect Data Domain Security Update for Multiple Third-Party Component Vulnerabilities

Riepilogo: Dell Technologies PowerProtect Data Domain remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

Questo articolo si applica a Questo articolo non si applica a Questo articolo non è legato a un prodotto specifico. Non tutte le versioni del prodotto sono identificate in questo articolo.
Scopri le altre risorse

Impatto

Critical

Dettagli

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2023-23692 Dell before DDOS 7.9 has a vulnerability that may potentially allow escalation of privileges by authenticated user of lower privilege. This can lead to unauthorized privileged access into the system. 8.8 CVSS v3.1: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H This hyperlink is taking you to a website outside of Dell Technologies.
 
Third-party Component CVEs More information
iDRAC9 CVE-2022-24422 See Dell KB article 199267: DSA-2022-068: Dell iDRAC9 Security Update for an Improper Authentication Vulnerability
Intel BIOS CVE-2021-0060 See Dell article 196007: DSA-2022-036: PowerEdge Server Security Update for Intel February 2022 Security Advisory Release
CVE-2021-0147
CVE-2021-0127
CVE-2021-0103
CVE-2021-0114
CVE-2021-0115
CVE-2021-0116
CVE-2021-0117
CVE-2021-0118
CVE-2021-0099
CVE-2021-0111
CVE-2021-0107
CVE-2021-0125
CVE-2021-0124
CVE-2021-0119
CVE-2021-0092
CVE-2021-0091
CVE-2021-0093
CVE-2019-14584 See Dell article 198065: DSA-2022-088: Dell PowerEdge Server BIOS Security Update for Multiple Tianocore EDK2 Vulnerabilities
CVE-2021-28210
CVE-2021-28211
OpenSSL CVE-2022-0778 https://nvd.nist.gov/vuln/detail/CVE-2022-0778 This hyperlink is taking you to a website outside of Dell Technologies.
OpenSSH CVE-2021-41617 https://nvd.nist.gov/vuln/detail/CVE-2021-41617 This hyperlink is taking you to a website outside of Dell Technologies.
https://nvd.nist.gov/vuln/detail/CVE-2020-14145 This hyperlink is taking you to a website outside of Dell Technologies.
https://nvd.nist.gov/vuln/detail/CVE-2016-20012 This hyperlink is taking you to a website outside of Dell Technologies.
CVE-2020-14145
CVE-2016-20012
Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2023-23692 Dell before DDOS 7.9 has a vulnerability that may potentially allow escalation of privileges by authenticated user of lower privilege. This can lead to unauthorized privileged access into the system. 8.8 CVSS v3.1: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H This hyperlink is taking you to a website outside of Dell Technologies.
 
Third-party Component CVEs More information
iDRAC9 CVE-2022-24422 See Dell KB article 199267: DSA-2022-068: Dell iDRAC9 Security Update for an Improper Authentication Vulnerability
Intel BIOS CVE-2021-0060 See Dell article 196007: DSA-2022-036: PowerEdge Server Security Update for Intel February 2022 Security Advisory Release
CVE-2021-0147
CVE-2021-0127
CVE-2021-0103
CVE-2021-0114
CVE-2021-0115
CVE-2021-0116
CVE-2021-0117
CVE-2021-0118
CVE-2021-0099
CVE-2021-0111
CVE-2021-0107
CVE-2021-0125
CVE-2021-0124
CVE-2021-0119
CVE-2021-0092
CVE-2021-0091
CVE-2021-0093
CVE-2019-14584 See Dell article 198065: DSA-2022-088: Dell PowerEdge Server BIOS Security Update for Multiple Tianocore EDK2 Vulnerabilities
CVE-2021-28210
CVE-2021-28211
OpenSSL CVE-2022-0778 https://nvd.nist.gov/vuln/detail/CVE-2022-0778 This hyperlink is taking you to a website outside of Dell Technologies.
OpenSSH CVE-2021-41617 https://nvd.nist.gov/vuln/detail/CVE-2021-41617 This hyperlink is taking you to a website outside of Dell Technologies.
https://nvd.nist.gov/vuln/detail/CVE-2020-14145 This hyperlink is taking you to a website outside of Dell Technologies.
https://nvd.nist.gov/vuln/detail/CVE-2016-20012 This hyperlink is taking you to a website outside of Dell Technologies.
CVE-2020-14145
CVE-2016-20012
Dell Technologies raccomanda a tutti i clienti di prendere in considerazione sia il punteggio base CVSS, sia ogni eventuale punteggio temporale o ambientale che possa avere effetti sul livello di gravità potenziale associato a una specifica vulnerabilità di sicurezza.

Prodotti interessati e correzione

CVEs Addressed Product Affected Versions Updated Versions Link to Update
CVE-2022-24422 PowerProtect DD Appliance model: DD3300, DD6400, and DD6900, DD9400, and DD9900 7.0 to 7.8 7.9.0.0 and later
Or
7.7.2 and later to stay on LTS 7.7		 For more details about DDOS versions available for download, see the links to Dell articles below (requires log in to Dell Support to view articles):
CVE-2021-0060
CVE-2021-0147
CVE-2021-0127
CVE-2021-0103
CVE-2021-0114
CVE-2021-0115
CVE-2021-0116
CVE-2021-0117
CVE-2021-0118
CVE-2021-0099
CVE-2021-0111
CVE-2021-0107
CVE-2021-0125
CVE-2021-0124
CVE-2021-0119
CVE-2021-0092
CVE-2021-0091
CVE-2021-0093
CVE-2019-14584
CVE-2021-28210
CVE-2021-28211
CVE-2022-0778 PowerProtect DD
DDOS and DDMC		 7.0 to 7.8 7.9.0.0 and later
Or
7.7.3 and later to stay on LTS
CVE-2021-41617
CVE-2020-14145 LTS 7.7.1 to 7.7.2 7.7.3 and later
CVE-2016-20012 6.2.1.80 and earlier 6.2.1.90 and later
CVE-2023-23692
CVEs Addressed Product Affected Versions Updated Versions Link to Update
CVE-2022-24422 PowerProtect DD Appliance model: DD3300, DD6400, and DD6900, DD9400, and DD9900 7.0 to 7.8 7.9.0.0 and later
Or
7.7.2 and later to stay on LTS 7.7		 For more details about DDOS versions available for download, see the links to Dell articles below (requires log in to Dell Support to view articles):
CVE-2021-0060
CVE-2021-0147
CVE-2021-0127
CVE-2021-0103
CVE-2021-0114
CVE-2021-0115
CVE-2021-0116
CVE-2021-0117
CVE-2021-0118
CVE-2021-0099
CVE-2021-0111
CVE-2021-0107
CVE-2021-0125
CVE-2021-0124
CVE-2021-0119
CVE-2021-0092
CVE-2021-0091
CVE-2021-0093
CVE-2019-14584
CVE-2021-28210
CVE-2021-28211
CVE-2022-0778 PowerProtect DD
DDOS and DDMC		 7.0 to 7.8 7.9.0.0 and later
Or
7.7.3 and later to stay on LTS
CVE-2021-41617
CVE-2020-14145 LTS 7.7.1 to 7.7.2 7.7.3 and later
CVE-2016-20012 6.2.1.80 and earlier 6.2.1.90 and later
CVE-2023-23692

Cronologia delle revisioni

RevisionDateDescription
1.02022-07-07Initial Release
1.12022-07-12Edited versions in Affected Products and Remediation Table Affected Version Column
1.22022-08-31Added "7.7.3 and above" to Affected Products and Remediation Table
1.32022-01-12Added CVE-2023-23692 to Proprietary Code Table. 

Informazioni correlate

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Dichiarazione di non responsabilità

Prodotti interessati

Data Domain, Data Domain, Data Domain Boost, Data Domain Boost – File System, Data Domain Boost - Open Storage, Data Domain Deduplication Storage Systems, Data Domain Encryption, Data Domain Extended Retention, Data Domain GDA , Data Domain NDMP Tape Server, Data Domain Replicator, Data Domain Retention Lock, Data Domain Storage Migration, Data Domain Virtual Tape Library, Data Domain Virtual Tape Library for IBM I/OS, Data Domain Virtual Edition, PowerProtect Data Domain Management Center, Product Security Information, Storage Direct for Data Domain ...
Proprietà dell'articolo
Numero articolo: 000201296
Tipo di articolo: Dell Security Advisory
Ultima modifica: 19 set 2025
Trova risposta alle tue domande dagli altri utenti Dell
Support Services
Verifica che il dispositivo sia coperto dai Servizi di supporto.