Plateforme
dell
Composant
dell-powerprotect-data-domain
Corrigé dans
8.6.0.0
8.3.1.20
CVE-2026-23775 is a security vulnerability affecting Dell PowerProtect Data Domain appliances running Data Domain Operating System (DD OS) versions 8.0 through 8.5, and LTS2025 release versions 8.3.1.0 through 8.3.1.10. A low-privileged attacker with remote access can exploit this flaw to insert sensitive information into log files, potentially leading to credential exposure. The vulnerability is specifically triggered when retention lock is enabled, and a fix is available in version 8.6.0.0 or later.
CVE-2026-23775 affects Dell PowerProtect Data Domain appliances running the DD OS in Feature Release versions 8.0 through 8.5, and LTS2025 release version 8.3.1.0 through 8.3.1.10. It allows for the insertion of sensitive information into log files. A low-privileged attacker with remote access could potentially exploit this vulnerability, leading to credential exposures. Authentication attempts as the compromised user would need to be authorized by a high-privileged DD user. This vulnerability poses a risk to data confidentiality and integrity, as exposed credentials could enable unauthorized access to sensitive data stored within the Data Domain appliance.
A remote attacker with access to the Data Domain appliance could exploit this vulnerability by injecting sensitive data into the log files. This data could include usernames, passwords, or configuration-related information. The complexity of exploitation is relatively low, as it does not require elevated privileges to access the appliance. However, authorization for access as the compromised user requires a high-privileged DD user. The impact of exploitation can be significant, potentially allowing unauthorized access to sensitive data and compromising the appliance's security.
Statut de l'Exploit
EPSS
0.02% (percentile 5%)
CISA SSVC
Vecteur CVSS
The recommended mitigation for this vulnerability is to update Dell PowerProtect Data Domain appliances to version 8.6.0.0 or later. Dell has released this update to address the issue and prevent the exposure of sensitive information. It is strongly advised to apply the update as soon as possible to minimize the risk of exploitation. Additionally, review and strengthen access and authentication policies to limit the potential impact should the vulnerability be exploited before the update is applied. Regular monitoring of system logs for suspicious activity is also recommended.
Actualice sus appliances Dell PowerProtect Data Domain a la versión 8.6.0.0 o posterior, o a la versión 8.3.1.20 o posterior. Consulte la Dell Security Advisory DSA-2026-060 para obtener más detalles e instrucciones de actualización.
Analyses de vulnérabilités et alertes critiques directement dans votre boîte mail.
Affected versions are Feature Release 8.0 through 8.5 and LTS2025 8.3.1.0 through 8.3.1.10.
No for initial access, but yes for authentication as the compromised user.
Review and strengthen access policies, monitor logs, and consider network segmentation.
No, there is currently no KEV available for this vulnerability.
The update is available on the Dell support website.
Téléverse ton fichier de dépendances et découvre instantanément si cette CVE et d'autres te touchent.