CVE-2025-36568

HIGH
2026-04-17 dell
7.8
CVSS 3.1

CVSS Vector (NVD)

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Updated: Apr 17, 2026 - 09:29, vuln.today, v2 (cvss_changed)
Re-analysis Queued: Apr 17, 2026 - 09:22, vuln.today, cvss_changed
Analysis Generated: Apr 17, 2026 - 09:15, vuln.today

Description (NVD)

Dell PowerProtect Data Domain BoostFS for client of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain an insufficiently protected credentials vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to credential exposure. The attacker may be able to use the exposed credentials to access the system with privileges of the compromised account.

Analysis (AI)

Insufficiently protected credentials in the Dell PowerProtect Data Domain BoostFS client (versions 7.7.1.0-8.5, LTS releases 7.13.1.0-7.13.1.50, 8.3.1.0-8.3.1.20) enable local low-privileged attackers to extract stored credentials and act with the privileges of the compromised account. The vulnerability carries CVSS 7.8 (High) with a scope change indicating container/host boundary crossing, though attack complexity is rated High and exploitation requires local access with existing low privileges. No active exploitation (not in CISA KEV) or public exploit code was identified at the time of analysis, and EPSS data was not available for risk quantification.

Technical Context (AI)

CWE-522 (Insufficiently Protected Credentials) indicates that the Dell PowerProtect Data Domain BoostFS client stores authentication credentials in a manner that allows unauthorized retrieval by local users with limited privileges. BoostFS is Dell's client-side component for backup data deduplication and transfer to PowerProtect Data Domain appliances. The vulnerability likely involves credentials cached locally on backup servers or client systems for authentication to the Data Domain backend, potentially stored in world-readable files, insufficiently protected registry keys, or memory accessible to low-privileged processes. The Scope:Changed (S:C) metric in the CVSS vector suggests the exposed credentials may grant access beyond the initial attack context, such as credentials for domain accounts, service accounts with elevated Data Domain administrative rights, or credentials that cross security boundaries between backup infrastructure and Data Domain storage systems. The High attack complexity (AC:H) indicates that successful exploitation requires specific timing, system state, or race conditions beyond simply reading a file.

Remediation (AI)

Apply the vendor-released patches per Dell Security Advisory DSA-2026-060 at https://www.dell.com/support/kbdoc/en-us/000450699/dsa-2026-060-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities which addresses this and multiple other PowerProtect Data Domain vulnerabilities. Specific fixed versions are not enumerated in the available CVE data; consult the advisory for the exact patched releases corresponding to each affected track (Feature Release, LTS2024, LTS2025).

Until patches are applied, implement compensating controls: restrict local user access to systems running the BoostFS client to only highly trusted backup administrators; enable detailed file and process access auditing on BoostFS installation directories to detect credential harvesting attempts (note: this creates substantial log volume and performance overhead); and isolate BoostFS client systems on dedicated network segments with strict firewall rules that prevent lateral movement if credentials are compromised (trade-off: this complicates legitimate backup traffic routing and may require firewall rule proliferation).

If compromise is suspected, immediately review and rotate any service account credentials used by BoostFS for Data Domain authentication, as exposed credentials may already have been extracted from vulnerable systems.
