CVE-2024-22426

Summary

Dell RecoverPoint for Virtual Machines 5.3.x, 6.0.SP1 contains an OS Command injection vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to execute arbitrary operating system commands, which will get executed in the context of the root user, resulting in a complete system compromise.

Affected Software

VendorProductVersion RangeStatus
DellRecoverPoint for VMs5.3 SP2affected
DellRecoverPoint for VMs5.3 SP2 P1affected
DellRecoverPoint for VMs5.3 SP2 P2affected
DellRecoverPoint for VMs5.3 SP2 P4affected
DellRecoverPoint for VMs5.3 SP3 P1affected
DellRecoverPoint for VMs5.3 SP3 P2affected
DellRecoverPoint for VMs6.0.SP1affected

Weaknesses

  • CWE-434: CWE-434: Unrestricted Upload of File with Dangerous Type

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References