EUVD-2026-23378CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionNVD
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain a use of weak credentials vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to unauthorized access to the system.
AnalysisAI
Weak default credentials in Dell PowerProtect Data Domain DD OS versions 7.7.1.0 through 8.5, LTS2025 8.3.1.0-8.3.1.20, and LTS2024 7.13.1.0-7.13.1.50 allow local unauthenticated attackers to gain complete system access with high confidentiality, integrity, and availability impact. This CWE-1391 authentication bypass vulnerability carries CVSS 8.4 severity. …
Sign in for full analysis, threat intelligence, and remediation guidance.
RemediationAI
Within 24 hours: Identify all Dell PowerProtect Data Domain systems in your environment and document current OS versions. Within 7 days: Apply vendor patches (8.6.0.0 for version 8.5 branch; 8.3.1.30 for LTS2025; 7.13.1.50 for LTS2024; 2.7.9 for earlier branches) and change all default credentials immediately. …
Sign in for detailed remediation steps.
Share
External POC / Exploit Code
Leaving vuln.today