Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Authentication Bypass by Spoofing vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass. Remote unauthenticated user can create account that potentially expose customer info, affect system integrity and availability.
The vulnerability classified as CWE-290 (Authentication Bypass by Spoofing) involves the DD OS system authentication mechanism being bypassed through impersonation of an authorized entity. A remote, unauthenticated attacker can exploit this flaw to create a new account in the system without possessing any prior privileges. This results in complete circumvention of the system's security mechanisms.
An attacker can create unauthorized accounts in the system, leading to potential customer data disclosure, system integrity violation, and reduced availability.
Apply patches available from the vendor according to references — detailed information about patched versions is available in Dell security bulletin DSA-2025-159 at: https://www.dell.com/support/kbdoc/en-us/000348708/dsa-2025-159-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities
Dell PowerProtect Data Domain with DD OS in the following versions: Feature Release 7.7.1.0–8.3.0.15, LTS2024 7.13.1.0–7.13.1.25, LTS2023 7.10.1.0–7.10.1.60
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HDell Data Domain Operating System
OSDell7.7.1.0 – 7.10.1.70 (bez)7.13.1.0 – 7.13.1.30 (bez)8.0.0.0 – 8.3.1.0 (bez)
Related vulnerabilities
Dell PowerProtect Data Domain with Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through...
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20,...
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 th...
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20,...
Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain an improper input validation vulnerability. A ...