Dell PowerProtect Data Domain Weak Credentials Vulnerability (CVE-2026-23853)
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions 7.7.1.0 through 8.5, 8.3.1.0 through 8.3.1.20, and 7.13.1.0 through 7.13.1.50 contains a use of weak credentials vulnerability (CVE-2026-23853) that can lead to unauthorized access by a local attacker.
Dell PowerProtect Data Domain is affected by a vulnerability (CVE-2026-23853) stemming from the use of weak credentials in Data Domain Operating System (DD OS). This issue impacts Feature Release versions 7.7.1.0 through 8.5, LTS2025 release versions 8.3.1.0 through 8.3.1.20, and LTS2024 release versions 7.13.1.0 through 7.13.1.50. An unauthenticated, local attacker could exploit this vulnerability to gain unauthorized access to the system. Exploitation does not require network access; it relies on the presence of weak default or easily guessable credentials within the affected DD OS versions. This vulnerability poses a significant risk to the confidentiality, integrity, and availability of data stored on the affected systems.
Attack Chain
- An attacker gains local access to a Dell PowerProtect Data Domain system running a vulnerable DD OS version (7.7.1.0-8.5, 8.3.1.0-8.3.1.20, or 7.13.1.0-7.13.1.50).
- The attacker attempts to authenticate using default or weak credentials.
- Upon successful authentication with weak credentials, the attacker gains unauthorized access to the DD OS.
- The attacker escalates privileges within the DD OS using commands available through the compromised account.
- The attacker gains access to sensitive data, including backup configurations, data encryption keys, or stored data backups.
- The attacker exfiltrates sensitive data from the Data Domain system to a remote location.
- The attacker modifies backup configurations to disrupt or prevent future backups.
Impact
Successful exploitation of CVE-2026-23853 allows an attacker with local access to gain unauthorized access to Dell PowerProtect Data Domain systems. This can lead to the compromise of sensitive data stored within the backups, including customer data, financial records, and intellectual property. The impact ranges from data breaches and financial losses to reputational damage and disruption of business operations. The affected systems are primarily used in enterprise environments, so a successful attack may impact hundreds of organizations.
Recommendation
- Apply the security update provided by Dell as described in DSA-2026-060 to remediate the weak credentials vulnerability detailed in CVE-2026-23853. The advisory URL is available in the references section.
- Review and enforce strong password policies for all accounts on Dell PowerProtect Data Domain systems.
- Monitor authentication logs for the use of default credentials and failed login attempts on the affected systems.
- Restrict local access to Dell PowerProtect Data Domain systems to authorized personnel only.
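To prioritise the update in the first recommendation, an inventory of DD OS versions can be checked against the three affected ranges listed on this page. The script below is an added example, not Dell's tooling or code from the original page; hostnames, the build suffix and the function names are constructed. It assumes a version in the 8.3.1.x or 7.13.1.x train is judged only against its own LTS range, and that "through 8.5" covers every 8.5.x build; confirm both against DSA-2026-060.

```python
# Added example: triage a DD OS version inventory against this page's ranges.
import re

# Affected ranges as stated on this page (inclusive bounds).
LTS_TRAINS = {
    (8, 3, 1): ("LTS2025", (8, 3, 1, 0), (8, 3, 1, 20)),
    (7, 13, 1): ("LTS2024", (7, 13, 1, 0), (7, 13, 1, 50)),
}
FEATURE_LOW, FEATURE_HIGH = (7, 7, 1, 0), (8, 5)


def parse_version(text):
    """Turn '8.3.1.20' or '8.3.1.20-1099' into a tuple of ints."""
    m = re.match(r"\s*(\d+(?:\.\d+){1,3})", text)
    if not m:
        raise ValueError(f"unrecognised DD OS version: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def classify(text):
    """Return (train, in_affected_range) for one version string."""
    v = parse_version(text)
    padded = v + (0,) * (4 - len(v))
    train = LTS_TRAINS.get(padded[:3])
    if train:
        # LTS builds are compared only with their own train's range (assumption).
        name, low, high = train
        return name, low <= padded <= high
    # Assumption: "through 8.5" covers every 8.5.x build (conservative).
    in_range = FEATURE_LOW <= padded and padded[:len(FEATURE_HIGH)] <= FEATURE_HIGH
    return "Feature Release", in_range


def triage(inventory):
    """Map hostname -> (version, train, in_affected_range)."""
    return {h: (v,) + classify(v) for h, v in inventory.items()}


if __name__ == "__main__":
    # Constructed inventory; hostnames and build suffix are illustrative.
    sample = {"dd-a": "8.3.1.20", "dd-b": "8.3.1.21", "dd-c": "7.13.1.50-1099",
              "dd-d": "7.7.0.9", "dd-e": "8.4.0.0"}
    for host, row in triage(sample).items():
        print(host, *row)
```

A plain numeric comparison against 7.7.1.0 through 8.5 would flag every 8.3.1.x and 7.13.1.x build, because both LTS trains sit numerically inside the Feature Release range; keying on the train prefix first avoids that.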
Detection coverage (3)
Detect Login Attempts with Default Usernames on Dell PowerProtect
Severity: medium. Detects login attempts using common default usernames on Dell PowerProtect Data Domain systems, indicating potential exploitation of weak credentials.
Detect Access to Sensitive Files After Login on Dell PowerProtect
Severity: high. Detects access to sensitive configuration files or data directories on Dell PowerProtect Data Domain systems following a login event, which may indicate unauthorized access after exploiting weak credentials.
Detect Commands Indicative of Privilege Escalation on Dell PowerProtect
Severity: medium. Detects the execution of commands commonly used for privilege escalation or system modification on Dell PowerProtect systems. This could indicate an attacker leveraging compromised credentials.
Indicators of compromise
| Type | Value |
|---|---|
| url | https://www.dell.com/support/kbdoc/en-us/000450699/dsa-2026-060-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities |