cognitive cybersecurity intelligence

News and Analysis

Search

Multiple Dell PowerProtect Vulnerabilities Allow Hackers to Gain Full System Access Remotely

Multiple Dell PowerProtect Vulnerabilities Allow Hackers to Gain Full System Access Remotely

Dell has released security updates to address multiple critical vulnerabilities in its PowerProtect Data Domain products that could allow an unauthenticated remote attacker to gain complete control of affected systems.

The vulnerabilities impact several PowerProtect Data Domain platforms, including Data Domain appliances, Data Domain Virtual Edition, Dell APEX Protection Storage, and the Data Domain Management Center.

The most severe vulnerabilities could enable an attacker to remotely access and take full control of an exposed system without requiring valid credentials or user interaction.

The two most critical flaws are CVE-2026-53483 and CVE-2026-53481, both with a CVSS severity score of 9.8 out of 10, making them critical.

The CVSS vector for these vulnerabilities indicates they can be exploited over a network with low attack complexity, no privileges required, and no victim interaction.

CVE-2026-53483 is an improper authentication vulnerability in Dell PowerProtect Data Domain. It potentially allows an unauthenticated attacker with remote access to obtain unauthorized access to a vulnerable device.

Successful exploitation may grant the attacker complete control of the system, prompting Dell to urge customers to install updates as soon as possible.

CVE-2026-53481 is a path traversal vulnerability, meaning there is an improper limitation of a pathname to a restricted directory. This weakness may enable an unauthenticated remote attacker to access resources outside of their intended directory boundaries.

Dell PowerProtect Vulnerabilities

Exploitation of this flaw could also result in unauthorized access to the system and a full compromise of the affected platform. Affected releases include DD OS versions from 7.7.1.0 through 8.7.0.0, as well as supported long-term support branches.

Specific vulnerable long-term support (LTS) systems include DD OS 8.6.1.0 through 8.6.1.10, LTS2025 deployments running versions 8.3.1.0 through 8.3.1.30, and LTS2024 systems running DD OS 7.13.1.0 through 7.13.1.70.

Dell has released patched versions for each supported branch. Organizations using feature-release versions should upgrade to DD OS 8.7.0.0 or later, or to DD OS 8.8.0.0 or later, depending on their selected release path.

Customers on long-term support releases should move to DD OS 8.6.1.20, 8.3.1.40, or 7.13.1.80, or to any later applicable version.

The advisory also covers a broad set of other CVEs affecting PowerProtect Data Domain software and management components, including vulnerabilities in third-party and proprietary code. Updates are distributed across the following versions: DD OS 8.8, 8.7, 8.6.1, 8.3.1, and 7.13.1.

Data protection systems are high-value targets because they often store backup data, recovery points, credentials, and operational information.

A full compromise could enable attackers to steal protected data, alter configurations, disrupt backup operations, or delete recovery copies before deploying ransomware.

Organizations should prioritize patching internet-accessible or remotely managed Data Domain systems, restrict administrative interfaces to trusted networks, review authentication and access logs for unusual activity, and confirm installed versions after upgrading.

Dell noted that some vulnerability scanners might continue to report false positives after remediation, so administrators should consult the company’s relevant knowledge base articles to validate patch status.

 Strengthen Your SOC by Accelerating Threat Detection & Rapid Investigations. -> Integrate ANY.RUN With Your SOC Now.
The post Multiple Dell PowerProtect Vulnerabilities Allow Hackers to Gain Full System Access Remotely appeared first on Cyber Security News.

Source: cybersecuritynews.com –

Subscribe to newsletter

Subscribe to HEAL Security Dispatch for the latest healthcare cybersecurity news and analysis.

More Posts