ByteOS Network

Type	CWE ID	Description
CWE	CWE-78	CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Version	Base score	Base severity	Vector
3.1	6.4	MEDIUM	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Hyperlink	Resource
https://www.dell.com/support/kbdoc/000180775	x_refsource_MISC

Hyperlink	Resource
https://www.dell.com/support/kbdoc/000180775	x_refsource_MISC x_transferred

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Type	Version	Base score	Base severity	Vector
Primary	3.1	6.7	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Secondary	3.1	6.4	MEDIUM	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary	2.0	7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE ID	Type	Source
CWE-78	Primary	nvd@nist.gov
CWE-78	Secondary	security_alert@emc.com

Hyperlink	Source	Resource
https://www.dell.com/support/kbdoc/000180775	security_alert@emc.com	Patch Vendor Advisory

CVE-2018-1185

Matching Score-10

Assigner-Dell

View Details

Matching Score-10

Assigner-Dell

CVSS Score-6.7||MEDIUM

EPSS-1.52% / 80.49%

||

7 Day CHG~0.00%

Published-03 Feb, 2018 | 01:00

Updated-05 Aug, 2024 | 03:51

An issue was discovered in EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, and EMC RecoverPoint versions prior to 5.0.1.3. Command injection vulnerability in Admin CLI may allow a malicious user with admin privileges to escape from the restricted shell to an interactive shell and run arbitrary commands with root privileges.

Vendor-n/a Dell Inc.

Product-emc_recoverpoint emc_recoverpoint_for_virtual_machines EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, EMC RecoverPoint versions prior to 5.0.1.3

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2018-11077

Matching Score-10

Assigner-Dell

View Details

Matching Score-10

Assigner-Dell

CVSS Score-6.7||MEDIUM

EPSS-0.30% / 53.09%

||

7 Day CHG+0.07%

Published-26 Nov, 2018 | 20:00

Updated-17 Sep, 2024 | 03:06

Dell EMC Avamar and Integrated Data Protection Appliance Command Injection Vulnerability

'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially be able to execute arbitrary commands under root privilege.

Vendor-VMware (Broadcom Inc.)Dell Inc.

Product-emc_integrated_data_protection_appliance emc_avamar vsphere_data_protection Integrated Data Protection Appliance Avamar

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2025-30098

Matching Score-10

Assigner-Dell

View Details

Matching Score-10

Assigner-Dell

CVSS Score-6.7||MEDIUM

EPSS-0.05% / 13.63%

||

7 Day CHG~0.00%

Published-04 Aug, 2025 | 14:42

Updated-12 Aug, 2025 | 03:55

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the DDSH CLI. A high privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges.

Vendor-Dell Inc.

Product-PowerProtect Data Domain LTS 2023 PowerProtect Data Domain Feature Release PowerProtect Data Domain LTS2024

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2025-30096

Matching Score-10

Assigner-Dell

View Details

Matching Score-10

Assigner-Dell

CVSS Score-6.7||MEDIUM

EPSS-0.05% / 13.63%

||

7 Day CHG~0.00%

Published-04 Aug, 2025 | 14:32

Updated-12 Aug, 2025 | 03:55

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the DDSH CLI. A high privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges.

Vendor-Dell Inc.

Product-PowerProtect Data Domain LTS 2023 PowerProtect Data Domain Feature Release PowerProtect Data Domain LTS2024

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2025-30097

Matching Score-10

Assigner-Dell

View Details

Matching Score-10

Assigner-Dell

CVSS Score-6.7||MEDIUM

EPSS-0.05% / 13.63%

||

7 Day CHG~0.00%

Published-04 Aug, 2025 | 14:38

Updated-12 Aug, 2025 | 03:55

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the DDSH CLI. A high privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges

Vendor-Dell Inc.

Product-PowerProtect Data Domain LTS 2023 PowerProtect Data Domain Feature Release PowerProtect Data Domain LTS2024

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2018-1184

Matching Score-10

Assigner-Dell

View Details

Matching Score-10

Assigner-Dell

CVSS Score-6.7||MEDIUM

EPSS-0.25% / 47.87%

||

7 Day CHG~0.00%

Published-03 Feb, 2018 | 01:00

Updated-05 Aug, 2024 | 03:51

An issue was discovered in EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, and EMC RecoverPoint versions prior to 5.0.1.3. Command injection vulnerability in Boxmgmt CLI may allow a malicious user with boxmgmt privileges to bypass Boxmgmt CLI and run arbitrary commands with root privileges.

Vendor-n/a Dell Inc.

Product-emc_recoverpoint emc_recoverpoint_for_virtual_machines EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, EMC RecoverPoint versions prior to 5.0.1.3

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2021-21527

Matching Score-10

Assigner-Dell

View Details

Matching Score-10

Assigner-Dell

CVSS Score-6||MEDIUM

EPSS-0.05% / 16.73%

||

7 Day CHG~0.00%

Published-06 May, 2021 | 12:40

Updated-16 Sep, 2024 | 18:28

Dell PowerScale OneFS 8.1.0-9.1.0 contain an improper neutralization of special elements used in an OS command vulnerability. This vulnerability may allow an authenticated user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE privileges to escalate privileges.

Vendor-Dell Inc.

Product-emc_powerscale_onefs PowerScale OneFS

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2021-21526

Matching Score-10

Assigner-Dell

View Details

Matching Score-10

Assigner-Dell

CVSS Score-6||MEDIUM

EPSS-0.03% / 5.93%

||

7 Day CHG~0.00%

Published-20 Apr, 2021 | 16:45

Updated-17 Sep, 2024 | 00:06

Dell PowerScale OneFS 8.1.0 - 9.1.0 contains a privilege escalation in SmartLock compliance mode that may allow compadmin to execute arbitrary commands as root.

Vendor-Dell Inc.

Product-powerscale_onefs PowerScale OneFS

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2021-21599

Matching Score-10

Assigner-Dell

View Details

Matching Score-10

Assigner-Dell

CVSS Score-6||MEDIUM

EPSS-0.30% / 52.58%

||

7 Day CHG~0.00%

Published-16 Aug, 2021 | 22:00

Updated-17 Sep, 2024 | 03:19

Dell EMC PowerScale OneFS versions 8.2.x - 9.2.1.x contain an OS command injection vulnerability. This may allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to escalate privileges and escape the compliance guarantees. This only impacts Smartlock WORM compliance mode clusters as a critical vulnerability and Dell recommends to update/upgrade at the earliest opportunity.

Vendor-Dell Inc.

Product-emc_powerscale_onefs PowerScale OneFS

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2021-21550

Matching Score-10

Assigner-Dell

View Details

Matching Score-10

Assigner-Dell

CVSS Score-6||MEDIUM

EPSS-0.05% / 16.73%

||

7 Day CHG~0.00%

Published-06 May, 2021 | 12:40

Updated-16 Sep, 2024 | 20:01

Dell EMC PowerScale OneFS 8.1.0-9.1.0 contain an improper neutralization of special elements used in an OS command vulnerability. This vulnerability can allow an authenticated user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE privileges to escalate privileges.

Vendor-Dell Inc.

Product-emc_powerscale_onefs PowerScale OneFS

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2022-34437

Matching Score-10

Assigner-Dell

View Details

Matching Score-10

Assigner-Dell

CVSS Score-6.7||MEDIUM

EPSS-0.11% / 30.43%

||

7 Day CHG~0.00%

Published-21 Oct, 2022 | 18:05

Updated-07 May, 2025 | 15:53

Dell PowerScale OneFS, versions 8.2.2-9.3.0, contain an OS command injection vulnerability. A privileged local malicious user could potentially exploit this vulnerability, leading to a full system compromise. This impacts compliance mode clusters.

Vendor-Dell Inc.

Product-emc_powerscale_onefs PowerScale OneFS

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2022-33923

Matching Score-10

Assigner-Dell

View Details

Matching Score-10

Assigner-Dell

CVSS Score-6.4||MEDIUM

EPSS-0.30% / 53.23%

||

7 Day CHG~0.00%

Published-20 Jul, 2022 | 20:55

Updated-16 Sep, 2024 | 17:57

Dell PowerStore, versions prior to 3.0.0.0, contains an OS Command Injection vulnerability in PowerStore T environment. A locally authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS command on the PowerStore underlying OS. Exploiting may lead to a system take over by an attacker.

Vendor-Dell Inc.

Product-emc_powerstore_3200t emc_powerstore_500t emc_powerstore_9200t emc_powerstore_5200t_firmware emc_powerstore_1200t_firmware emc_powerstore_9200t_firmware emc_powerstore_500t_firmware emc_powerstore_3200t_firmware emc_powerstore_1200t emc_powerstore_5200t PowerStore

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2022-26868

Matching Score-10

Assigner-Dell

View Details

Matching Score-10

Assigner-Dell

CVSS Score-6.4||MEDIUM

EPSS-0.11% / 29.82%

||

7 Day CHG~0.00%

Published-02 Jun, 2022 | 21:00

Updated-17 Sep, 2024 | 04:25

Dell EMC PowerStore versions 2.0.0.x, 2.0.1.x, and 2.1.0.x are vulnerable to a command injection flaw. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system takeover by an attacker.

Vendor-Dell Inc.

Product-powerstore_x powerstore_t powerstoreos PowerStore

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2023-48668

Matching Score-10

Assigner-Dell

View Details

Matching Score-10

Assigner-Dell

CVSS Score-8.2||HIGH

EPSS-0.04% / 9.41%

||

7 Day CHG~0.00%

Published-14 Dec, 2023 | 15:45

Updated-02 Aug, 2024 | 21:37

Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 on DDMC contain an OS command injection vulnerability in an admin operation. A local high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the managed system application's underlying OS with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker on a managed system of DDMC.

Vendor-Dell Inc.

Product-powerprotect_data_domain_management_center PowerProtect DD

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2023-44279

Matching Score-10

Assigner-Dell

View Details

Matching Score-10

Assigner-Dell

CVSS Score-6.7||MEDIUM

EPSS-0.01% / 0.68%

||

7 Day CHG~0.00%

Published-14 Dec, 2023 | 15:22

Updated-01 Oct, 2024 | 14:44

Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in administrator CLI. A local high privileged attacker could potentially exploit this vulnerability, to bypass security restrictions. Exploitation may lead to a system take over by an attacker

Vendor-Dell Inc.

Product-powerprotect_data_domain powerprotect_data_protection dd9400 dp5900 apex_protection_storage powerprotect_data_domain_management_center emc_data_domain_os dd6400 dd3300 dd9900 dd6900 dp4400 PowerProtect DD powerprotect_data_domain

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2020-26193

Matching Score-10

Assigner-Dell

View Details

Matching Score-10

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.13% / 33.52%

||

7 Day CHG~0.00%

Published-09 Feb, 2021 | 21:25

Updated-16 Sep, 2024 | 21:57

Dell EMC PowerScale OneFS versions 8.1.0 - 9.1.0 contain an improper input validation vulnerability. A user with the ISI_PRIV_CLUSTER privilege may exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application.

Vendor-Dell Inc.

Product-emc_powerscale_onefs PowerScale OneFS

CWE ID-CWE-20

Improper Input Validation

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2021-43589

Matching Score-10

Assigner-Dell

View Details

Matching Score-10

Assigner-Dell

CVSS Score-6||MEDIUM

EPSS-0.06% / 18.67%

||

7 Day CHG~0.00%

Published-24 Jan, 2022 | 20:10

Updated-17 Sep, 2024 | 00:21

Dell EMC Unity, Dell EMC UnityVSA and Dell EMC Unity XT versions prior to 5.1.2.0.5.007 contain an operating system (OS) command injection Vulnerability. A locally authenticated user with high privileges may potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the Unity underlying OS, with the privileges of the vulnerable application. Exploitation may lead to an elevation of privilege.

Vendor-Dell Inc.

Product-emc_unity_operating_environment emc_unityvsa_operating_environment emc_unity_xt_operating_environment Unity

CWE ID-CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2022-22555

Matching Score-10

Assigner-Dell

View Details

Matching Score-10

Assigner-Dell

CVSS Score-6||MEDIUM

EPSS-0.56% / 67.39%

||

7 Day CHG~0.00%

Published-20 Jul, 2022 | 20:55

Updated-16 Sep, 2024 | 19:47

Dell EMC PowerStore, contains an OS command injection Vulnerability. A locally authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the PowerStore underlying OS, with the privileges of the vulnerable application. Exploitation may lead to an elevation of privilege.

Vendor-Dell Inc.

Product-emc_powerstore_3200t emc_powerstore_500t emc_powerstore_9200t emc_powerstore_5200t_firmware emc_powerstore_1200t_firmware emc_powerstore_9200t_firmware emc_powerstore_500t_firmware emc_powerstore_3200t_firmware emc_powerstore_1200t emc_powerstore_5200t PowerStore

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2019-3704

Matching Score-10

Assigner-Dell

View Details

Matching Score-10

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.33% / 55.38%

||

7 Day CHG~0.00%

Published-07 Feb, 2019 | 19:00

Updated-16 Sep, 2024 | 17:58

VNX Control Station in Dell EMC VNX2 OE for File versions prior to 8.1.9.236 contains OS command injection vulnerability. Due to inadequate restriction configured in sudores, a local authenticated malicious user could potentially execute arbitrary OS commands as root by exploiting this vulnerability.

Vendor-Dell Inc.

Product-emc_vnx2_firmware emc_vnx2 VNX Control Station in Dell EMC VNX2 OE for File

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2019-3727

Matching Score-10

Assigner-Dell

View Details

Matching Score-10

Assigner-Dell

CVSS Score-6.4||MEDIUM

EPSS-0.04% / 10.17%

||

7 Day CHG~0.00%

Published-15 May, 2019 | 15:45

Updated-17 Sep, 2024 | 03:42

OS command injection vulnerability

Dell EMC RecoverPoint versions prior to 5.1.3 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an OS command injection vulnerability in the installation feature of Boxmgmt CLI. A malicious boxmgmt user may potentially be able to execute arbitrary commands as root.

Vendor-Dell Inc.

Product-emc_recoverpoint recoverpoint_for_virtual_machines RecoverPoint

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2021-36293

Matching Score-10

Assigner-Dell

View Details

Matching Score-10

Assigner-Dell

CVSS Score-6.4||MEDIUM

EPSS-0.13% / 33.35%

||

7 Day CHG~0.00%

Published-08 Apr, 2022 | 19:50

Updated-17 Sep, 2024 | 01:10

Dell VNX2 for File version 8.1.21.266 and earlier, contain a privilege escalation vulnerability. A local malicious admin may potentially exploit vulnerability and gain elevated privileges.

Vendor-Dell Inc.

Product-vnxe1600 vnx5600 vnx5400 vnx5800 vnx_vg10 emc_unity_operating_environment vnx5200 vnx_vg50 vnx7600 vnx8000 VNX2

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CWE ID-CWE-269

Improper Privilege Management

CVE-2016-0911

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-8.2||HIGH

EPSS-0.35% / 56.70%

||

7 Day CHG-0.32%

Published-19 Jun, 2016 | 20:00

Updated-12 Apr, 2025 | 10:46

EMC Data Domain OS 5.4 through 5.7 before 5.7.2.0 has a default no_root_squash option for NFS exports, which makes it easier for remote attackers to obtain filesystem access by leveraging client root privileges.

Vendor-n/a Dell Inc.

Product-emc_data_domain_os n/a

CVE-2023-28033

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-5.1||MEDIUM

EPSS-0.02% / 3.01%

||

7 Day CHG~0.00%

Published-23 Jun, 2023 | 09:37

Updated-08 Nov, 2024 | 15:14

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2024-25961

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6||MEDIUM

EPSS-0.06% / 17.29%

||

7 Day CHG~0.00%

Published-28 Mar, 2024 | 18:00

Updated-09 Jan, 2025 | 16:48

Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contains an improper privilege management vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to escalation of privileges.

Vendor-Dell Inc.

Product-powerscale_onefs PowerScale OneFS

CWE ID-CWE-269

Improper Privilege Management

CVE-2024-25967

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.7||MEDIUM

EPSS-0.08% / 23.30%

||

7 Day CHG~0.00%

Published-14 May, 2024 | 06:44

Updated-09 Jan, 2025 | 15:51

Dell PowerScale OneFS versions 8.2.x through 9.7.0.1 contains an execution with unnecessary privileges vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to escalation of privileges.

Vendor-Dell Inc.

Product-powerscale_onefs PowerScale OneFS powerscale_onefs

CWE ID-CWE-250

Execution with Unnecessary Privileges

CVE-2023-28061

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-5.1||MEDIUM

EPSS-0.02% / 3.01%

||

7 Day CHG~0.00%

Published-23 Jun, 2023 | 09:19

Updated-08 Nov, 2024 | 16:51

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2022-46756

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-8.2||HIGH

EPSS-0.05% / 14.53%

||

7 Day CHG~0.00%

Published-01 Feb, 2023 | 05:37

Updated-27 Mar, 2025 | 13:25

Dell VxRail, versions prior to 7.0.410, contain a Container Escape Vulnerability. A local high-privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the container's underlying OS. Exploitation may lead to a system take over by an attacker.

Vendor-Dell Inc.

Product-vxrail_manager VxRail HCI

CWE ID-CWE-668

Exposure of Resource to Wrong Sphere

CVE-2023-28054

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-5.1||MEDIUM

EPSS-0.02% / 3.01%

||

7 Day CHG~0.00%

Published-23 Jun, 2023 | 09:06

Updated-08 Nov, 2024 | 15:13

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2021-36343

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.5||HIGH

EPSS-0.04% / 10.85%

||

7 Day CHG~0.00%

Published-24 Jan, 2022 | 20:10

Updated-16 Sep, 2024 | 16:44

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Vendor-Dell Inc.

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE ID-CWE-20

Improper Input Validation

CVE-2021-36279

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.04% / 10.03%

||

7 Day CHG~0.00%

Published-16 Aug, 2021 | 22:00

Updated-16 Sep, 2024 | 23:05

Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment for critical resource vulnerability. This could allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to access privileged information about the cluster.

Vendor-Dell Inc.

Product-emc_powerscale_onefs PowerScale OneFS

CWE ID-CWE-732

Incorrect Permission Assignment for Critical Resource

CVE-2021-36324

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.5||HIGH

EPSS-0.04% / 10.85%

||

7 Day CHG~0.00%

Published-12 Nov, 2021 | 22:15

Updated-16 Sep, 2024 | 18:13

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2021-36323

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.5||HIGH

EPSS-0.04% / 10.85%

||

7 Day CHG~0.00%

Published-12 Nov, 2021 | 22:15

Updated-17 Sep, 2024 | 02:02

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2021-36283

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.5||HIGH

EPSS-0.04% / 10.85%

||

7 Day CHG~0.00%

Published-28 Sep, 2021 | 19:20

Updated-16 Sep, 2024 | 16:58

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2021-36325

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.5||HIGH

EPSS-0.04% / 10.85%

||

7 Day CHG~0.00%

Published-12 Nov, 2021 | 22:15

Updated-16 Sep, 2024 | 20:31

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2021-36317

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.7||MEDIUM

EPSS-0.04% / 12.18%

||

7 Day CHG~0.00%

Published-21 Dec, 2021 | 17:05

Updated-16 Sep, 2024 | 16:42

Dell EMC Avamar Server version 19.4 contains a plain-text password storage vulnerability in AvInstaller. A local attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.

Vendor-Dell Inc.

Product-emc_powerprotect_data_protection_appliance emc_avamar_server Avamar

CWE ID-CWE-256

Plaintext Storage of a Password

CWE ID-CWE-522

Insufficiently Protected Credentials

CVE-2021-36290

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.4||MEDIUM

EPSS-0.11% / 30.42%

||

7 Day CHG~0.00%

Published-08 Apr, 2022 | 19:50

Updated-16 Sep, 2024 | 16:53

Dell VNX2 for File version 8.1.21.266 and earlier, contain a privilege escalation vulnerability. A local malicious admin may potentially exploit vulnerability and gain privileges.

Vendor-Dell Inc.

Product-vnxe1600 vnx5600 vnx5400 vnx5800 vnx_vg10 emc_unity_operating_environment vnx5200 vnx_vg50 vnx7600 vnx8000 VNX2

CWE ID-CWE-732

Incorrect Permission Assignment for Critical Resource

CWE ID-CWE-269

Improper Privilege Management

CVE-2024-0158

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-5.1||MEDIUM

EPSS-0.04% / 13.11%

||

7 Day CHG~0.00%

Published-02 Jul, 2024 | 06:20

Updated-01 Aug, 2024 | 17:41

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability to modify a UEFI variable, leading to denial of service and escalation of privileges

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2021-36315

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.8||MEDIUM

EPSS-0.04% / 12.73%

||

7 Day CHG~0.00%

Published-12 Nov, 2021 | 22:15

Updated-17 Sep, 2024 | 00:31

Dell EMC PowerScale Nodes contain a hardware design flaw. This may allow a local unauthenticated user to escalate privileges. This also affects Compliance mode and for Compliance mode clusters, is a critical vulnerability. Dell EMC recommends applying the workaround at your earliest opportunity.

Vendor-Dell Inc.

CVE-2020-5378

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.8||MEDIUM

EPSS-0.05% / 13.48%

||

7 Day CHG~0.00%

Published-02 Sep, 2020 | 20:55

Updated-17 Sep, 2024 | 01:51

Dell G7 17 7790 BIOS versions prior to 1.13.2 contain a UEFI BIOS Boot Services overwrite vulnerability. A local attacker with access to system memory may exploit this vulnerability by overwriting the EFI_BOOT_SERVICES structure to execute arbitrary code in System Management Mode (SMM).

Vendor-Dell Inc.

Product-g7_17_7790_bios g7_17_7790 CPG BIOS

CWE ID-CWE-416

Use After Free

CVE-2018-15782

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.7||HIGH

EPSS-0.04% / 8.82%

||

7 Day CHG~0.00%

Published-16 Jan, 2019 | 20:00

Updated-17 Sep, 2024 | 03:38

DSA-2018-226: RSA® Authentication Manager Relative Path Traversal Vulnerability

The Quick Setup component of RSA Authentication Manager versions prior to 8.4 is vulnerable to a relative path traversal vulnerability. A local attacker could potentially provide an administrator with a crafted license that if used during the quick setup deployment of the initial RSA Authentication Manager system, could allow the attacker unauthorized access to that system.

Vendor-Dell Inc.RSA Security LLC

Product-authentication_manager RSA Authentication Manager

CWE ID-CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2022-45095

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.7||MEDIUM

EPSS-0.07% / 23.07%

||

7 Day CHG~0.00%

Published-01 Feb, 2023 | 04:45

Updated-27 Mar, 2025 | 13:24

Dell PowerScale OneFS, 8.2.x-9.4.x, contain a command injection vulnerability. An authenticated user having access local shell and having the privilege to gather logs from the cluster could potentially exploit this vulnerability, leading to execute arbitrary commands, denial of service, information disclosure, and data deletion.

Vendor-Dell Inc.

Product-emc_powerscale_onefs PowerScale OneFS

CWE ID-CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVE-2018-1203

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.7||MEDIUM

EPSS-1.08% / 76.95%

||

7 Day CHG~0.00%

Published-26 Mar, 2018 | 18:00

Updated-16 Sep, 2024 | 19:20

In Dell EMC Isilon OneFS, the compadmin is able to run tcpdump binary with root privileges. In versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, the tcpdump binary, being run with sudo, may potentially be used by compadmin to execute arbitrary code with root privileges.

Vendor-Dell Inc.

Product-emc_isilon_onefs Isilon OneFS

CWE ID-CWE-732

Incorrect Permission Assignment for Critical Resource

CVE-2018-1204

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.7||MEDIUM

EPSS-0.95% / 75.40%

||

7 Day CHG~0.00%

Published-26 Mar, 2018 | 18:00

Updated-16 Sep, 2024 | 17:42

Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a path traversal vulnerability in the isi_phone_home tool. A malicious compadmin may potentially exploit this vulnerability to execute arbitrary code with root privileges.

Vendor-Dell Inc.

Product-emc_isilon_onefs Isilon OneFS

CWE ID-CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2023-39251

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.7||MEDIUM

EPSS-0.03% / 8.26%

||

7 Day CHG~0.00%

Published-22 Dec, 2023 | 17:55

Updated-02 Aug, 2024 | 18:02

Dell BIOS contains an Improper Input Validation vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability in order to corrupt memory on the system.

CWE ID-CWE-20

Improper Input Validation

CVE-2018-11072

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.08% / 23.45%

||

7 Day CHG~0.00%

Published-02 Oct, 2018 | 13:00

Updated-16 Sep, 2024 | 19:57

Dell Digital Delivery versions prior to 3.5.1 contain a DLL Injection Vulnerability. A local authenticated malicious user with advance knowledge of the application workflow could potentially load and execute a malicious DLL with administrator privileges.

Vendor-Dell Inc.

Product-digital_delivery Dell Digital Delivery

CWE ID-CWE-427

Uncontrolled Search Path Element

CVE-2021-21547

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.4||MEDIUM

EPSS-0.02% / 3.65%

||

7 Day CHG~0.00%

Published-30 Apr, 2021 | 21:10

Updated-16 Sep, 2024 | 18:34

Dell EMC Unity, UnityVSA, and Unity XT versions prior to 5.0.7.0.5.008 contain a plain-text password storage vulnerability when the Dell Upgrade Readiness Utility is run on the system. The credentials of the Unisphere Administrator are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user.

Vendor-Dell Inc.

Product-unity_operating_environment unityvsa_operating_environment unity_xt_operating_environment Unity

CWE ID-CWE-312

Cleartext Storage of Sensitive Information

CVE-2021-21518

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.04% / 9.49%

||

7 Day CHG~0.00%

Published-12 Mar, 2021 | 20:10

Updated-16 Sep, 2024 | 19:31

Dell SupportAssist Client for Consumer PCs versions 3.7.x, 3.6.x, 3.4.x, 3.3.x, Dell SupportAssist Client for Business PCs versions 2.0.x, 2.1.x, 2.2.x, and Dell SupportAssist Client ProManage 1.x contain a DLL injection vulnerability in the Costura Fody plugin. A local user with low privileges could potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with SYSTEM privileges.

Vendor-Dell Inc.

Product-supportassist_for_business_pcs supportassist_for_home_pcs supportassist_client_promanage Dell SupportAssist Client

CWE ID-CWE-427

Uncontrolled Search Path Element

CVE-2021-21590

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.4||MEDIUM

EPSS-0.12% / 31.25%

||

7 Day CHG~0.00%

Published-12 Jul, 2021 | 15:40

Updated-16 Sep, 2024 | 20:57

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 contain a plain-text password storage vulnerability. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user.

Vendor-Dell Inc.

Product-emc_unity_operating_environment emc_unityvsa_operating_environment emc_unity_xt_operating_environment Unity

CWE ID-CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

CWE ID-CWE-522

Insufficiently Protected Credentials

CVE-2021-21595

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6||MEDIUM

EPSS-0.19% / 40.57%

||

7 Day CHG~0.00%

Published-16 Aug, 2021 | 22:00

Updated-17 Sep, 2024 | 00:30

Dell EMC PowerScale OneFS versions 8.2.x - 9.1.1.x contain an improper neutralization of special elements used in an OS command. This vulnerability could allow the compadmin user to elevate privileges. This only impacts Smartlock WORM compliance mode clusters as a critical vulnerability and Dell recommends to update/upgrade at the earliest opportunity.

Vendor-Dell Inc.

Product-emc_powerscale_onefs PowerScale OneFS

CWE ID-CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVE-2021-21557

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-8.1||HIGH

EPSS-0.04% / 11.68%

||

7 Day CHG~0.00%

Published-14 Jun, 2021 | 19:10

Updated-16 Sep, 2024 | 17:02

Dell PowerEdge Server BIOS and select Dell Precision Rack BIOS contain an out-of-bounds array access vulnerability. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of service, arbitrary code execution, or information disclosure in System Management Mode.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CWE ID-CWE-125

Out-of-bounds Read

CVE-2020-29499

Credits

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs