CVE-2026-35154

MEDIUM

6.3

Description

Dell PowerProtect Data Domain appliances, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper privilege management vulnerability in IDRAC. A high privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges to access unauthorized delete operation in IDRAC.

Details CVE

Score CVSS v3.16.3

SeveriteMEDIUM

Vecteur CVSSCVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

Vecteur d'attaqueLOCAL

ComplexiteHIGH

Privileges requisHIGH

Interaction utilisateurREQUIRED

Publie4/20/2026

Derniere modification4/20/2026

Sourcenvd

Observations honeypot0

Faiblesses (CWE)

CWE-269

References

https://www.dell.com/support/kbdoc/en-us/000450699/dsa-2026-060-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities(security_alert@emc.com)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.