VYPR
Unrated severity · NVD Advisory · Published Dec 4, 2023 · Updated Nov 21, 2024

CVE-2023-44304

Description

Dell DM5500 contains a privilege escalation vulnerability in the appliance. A remote attacker with low privileges could potentially exploit this vulnerability to escape the restricted shell and gain root access to the appliance.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A low-privilege remote attacker can escape the restricted shell and gain root access on Dell PowerProtect Data Manager DM5500 appliances before version 5.15.

Vulnerability

CVE-2023-44304 is a privilege escalation vulnerability in the Dell PowerProtect Data Manager DM5500 appliance. It resides in the restricted shell environment provided to low-privilege remote users. The affected versions are DM5500 5.14 and below [1]. The vulnerability allows an attacker with low privileges to escape the restricted shell boundary and execute arbitrary commands with root privileges.

Exploitation

An attacker needs remote network access to the appliance and valid low-privilege credentials (or the ability to obtain them). Once authenticated, the attacker can exploit the restricted shell to break out of its confinement. The exact sequence of commands or technique is not detailed in the available references, but it involves subverting the shell restrictions to gain an unrestricted root shell [1].

Impact

Successful exploitation grants the attacker full root access to the appliance. This leads to a complete compromise of the confidentiality, integrity, and availability of the appliance and the data it manages. The attacker can install persistent backdoors, modify or exfiltrate data, and disrupt operations [1].

Mitigation

Dell has released a fixed version, DM5500 5.15, to remediate this vulnerability. Affected users should upgrade to DM5500 5.15 or later. The upgrade package is available at the Dell support site [1]. No workarounds are documented; applying the update is the recommended action.

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

References

1
