Multiple Dell PowerProtect Vulnerabilities Let Attackers Compromise System\u00a0
\n \t
\n
<\/BR>
\n
\n \t
\n
<\/BR><\/p>\n
Dell Technologies has disclosed multiple critical vulnerabilities affecting its PowerProtect product line, including Data Domain (DD) appliances, PowerProtect Management Center, and other associated systems.\u00a0<\/p>\n
These vulnerabilities, if exploited, could allow attackers to compromise system integrity, escalate privileges, or execute arbitrary code<\/a>.\u00a0<\/p>\n Organizations relying on these systems for data protection and recovery are urged to take immediate action to mitigate the risks.<\/p>\n The vulnerabilities cover a wide spectrum of critical issues defined by their Common Vulnerabilities and Exposures (CVE) identifiers.\u00a0<\/p>\n The vulnerabilities have been assigned critical CVSS scores ranging from 8.6 to 9.8 due to their potential impact on confidentiality, integrity, and availability.\u00a0<\/p>\n Attack vectors include local privilege escalation and remote code execution<\/a>. Some flaws require low privileges or no user interaction for exploitation, making them particularly dangerous.<\/p>\n The most critical vulnerabilities include:<\/p>\n \u00a0An arbitrary code execution vulnerability in Artifex Ghostscript before version 10.03.1.\u00a0Attackers can exploit this flaw to execute malicious code remotely, potentially taking full control of the system.<\/p>\n This vulnerability affects Docker\u2019s Moby project and involves improper handling of API <\/a>requests when authorization plugins are enabled.\u00a0Exploitation could lead to privilege escalation under specific configurations.<\/p>\n Found in GNU Wget up to version 1.24.5, this vulnerability stems from improper URI parsing, enabling phishing attacks, man-in-the-middle (MiTM) exploits, and potential malware installation.<\/p>\n A flaw in Golang\u2019s net\/netip package causes improper validation of IPv4-mapped IPv6 addresses, which could lead to integrity loss or unauthorized actions.<\/p>\n A denial-of-service (DoS) vulnerability<\/a> in MIT Kerberos 5 (krb5), caused by invalid memory reads during GSS token handling.\u00a0This can disrupt system availability when exploited.<\/p>\n A critical heap corruption issue in the libgit2 library allows attackers to overwrite memory and execute arbitrary code.\u00a0libgit2 is a portable C implementation of the Git core methods that comes as a linkable library with a strong API, allowing you to integrate Git functionality into your program.<\/p>\n A heap-based buffer overflow in Perl\u2019s pack function before 5.26.2 allows context-dependent attackers to execute arbitrary code using a large item count.<\/p>\n Dell PowerProtect products affected by these vulnerabilities include:<\/p>\n Specific software versions impacted include DDOS<\/a> versions prior to 8.3.0.0, 7.10.1.50, and 7.13.1.20<\/p>\n Dell has released<\/a> patches and updates addressing these vulnerabilities:<\/p>\n These vulnerabilities highlight the increasing sophistication of cyber threats targeting enterprise-grade data protection systems like Dell PowerProtect DD appliances, which are integral to managing sensitive data at scale.<\/p>\n Organizations failing to address these issues risk severe consequences such as data breaches, service disruptions, or ransomware attacks.<\/p>\n The post Multiple Dell PowerProtect Vulnerabilities Let Attackers Compromise System\u00a0<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\nKey Vulnerabilities and Technical Details<\/strong><\/h2>\n
\n
\n
\n
\n
\n
\n
\n
Impacted Systems<\/strong><\/h2>\n
\n
\n
Investigate Real-World Malicious Links & Phishing Attacks With\u00a0Threat Intelligence Lookup<\/strong>\u00a0-\u00a0Try for Free<\/a><\/code><\/strong><\/p>\n