DSA-2022-187: Dell Technologies PowerProtect Data Domain Security Update for Multiple Third-Party Component Vulnerabilities
Summary: Dell Technologies PowerProtect Data Domain remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.
Impact
Critical
Details
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2023-23692 | Dell before DDOS 7.9 has a vulnerability that may potentially allow escalation of privileges by an authenticated user of lower privilege. This can lead to unauthorized privileged access into the system. | 8.8 | CVSS v3.1: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Third-party Component | CVEs | More information |
| iDRAC9 | CVE-2022-24422 | See Dell KB article 199267: DSA-2022-068: Dell iDRAC9 Security Update for an Improper Authentication Vulnerability |
| Intel BIOS | CVE-2021-0060, CVE-2021-0147, CVE-2021-0127, CVE-2021-0103, CVE-2021-0114, CVE-2021-0115, CVE-2021-0116, CVE-2021-0117, CVE-2021-0118, CVE-2021-0099, CVE-2021-0111, CVE-2021-0107, CVE-2021-0125, CVE-2021-0124, CVE-2021-0119, CVE-2021-0092, CVE-2021-0091, CVE-2021-0093 | See Dell article 196007: DSA-2022-036: PowerEdge Server Security Update for Intel February 2022 Security Advisory Release |
| Intel BIOS | CVE-2019-14584, CVE-2021-28210, CVE-2021-28211 | See Dell article 198065: DSA-2022-088: Dell PowerEdge Server BIOS Security Update for Multiple Tianocore EDK2 Vulnerabilities |
| OpenSSL | CVE-2022-0778 | https://nvd.nist.gov/vuln/detail/CVE-2022-0778 |
| OpenSSH | CVE-2021-41617, CVE-2020-14145, CVE-2016-20012 | https://nvd.nist.gov/vuln/detail/CVE-2021-41617 https://nvd.nist.gov/vuln/detail/CVE-2020-14145 https://nvd.nist.gov/vuln/detail/CVE-2016-20012 |
Affected Products and Remediation
| CVEs Addressed | Product | Affected Versions | Updated Versions | Link to Update |
| CVE-2022-24422, CVE-2021-0060, CVE-2021-0147, CVE-2021-0127, CVE-2021-0103, CVE-2021-0114, CVE-2021-0115, CVE-2021-0116, CVE-2021-0117, CVE-2021-0118, CVE-2021-0099, CVE-2021-0111, CVE-2021-0107, CVE-2021-0125, CVE-2021-0124, CVE-2021-0119, CVE-2021-0092, CVE-2021-0091, CVE-2021-0093, CVE-2019-14584, CVE-2021-28210, CVE-2021-28211 | PowerProtect DD Appliance models: DD3300, DD6400, DD6900, DD9400, and DD9900 | 7.0 to 7.8 | 7.9.0.0 and later, or 7.7.2 and later to stay on LTS 7.7 | For more details about DDOS versions available for download, see the links to Dell articles below (requires log in to Dell Support to view articles): |
| CVE-2022-0778 | PowerProtect DD DDOS and DDMC | 7.0 to 7.8 | 7.9.0.0 and later, or 7.7.3 and later to stay on LTS | |
| CVE-2021-41617 | | | | |
| CVE-2020-14145 | | LTS 7.7.1 to 7.7.2 | 7.7.3 and later | |
| CVE-2016-20012 | | 6.2.1.80 and earlier | 6.2.1.90 and later | |
| CVE-2023-23692 | | | | |
Revision History
| Revision | Date | Description |
| 1.0 | 2022-07-07 | Initial Release |
| 1.1 | 2022-07-12 | Edited versions in Affected Products and Remediation Table Affected Version Column |
| 1.2 | 2022-08-31 | Added "7.7.3 and above" to Affected Products and Remediation Table |
| 1.3 | 2022-01-12 | Added CVE-2023-23692 to Proprietary Code Table. |
Affected Products
Data Domain, Data Domain Boost, Data Domain Boost – File System, Data Domain Boost - Open Storage, Data Domain Deduplication Storage Systems, Data Domain Encryption, Data Domain Extended Retention, Data Domain GDA, Data Domain NDMP Tape Server, Data Domain Replicator, Data Domain Retention Lock, Data Domain Storage Migration, Data Domain Virtual Tape Library, Data Domain Virtual Tape Library for IBM I/OS, Data Domain Virtual Edition, PowerProtect Data Domain Management Center, Product Security Information, Storage Direct for Data Domain
...
Article Properties
Article Number: 000201296
Article Type: Dell Security Advisory
Last Modified: 19 Sep 2025