CVE-2024-22426
7.2
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Dell RecoverPoint for Virtual Machines 5.3.x, 6.0.SP1 contains an OS Command injection vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to execute arbitrary operating system commands, which will get executed in the context of the root user, resulting in a complete system compromise.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Dell | RecoverPoint for VMs | 5.3 SP2 | affected |
| Dell | RecoverPoint for VMs | 5.3 SP2 P1 | affected |
| Dell | RecoverPoint for VMs | 5.3 SP2 P2 | affected |
| Dell | RecoverPoint for VMs | 5.3 SP2 P4 | affected |
| Dell | RecoverPoint for VMs | 5.3 SP3 P1 | affected |
| Dell | RecoverPoint for VMs | 5.3 SP3 P2 | affected |
| Dell | RecoverPoint for VMs | 6.0.SP1 | affected |
Weaknesses
- CWE-434: CWE-434: Unrestricted Upload of File with Dangerous Type
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
References
- https://www.dell.com/support/kbdoc/en-us/000222133/dsa-2024-092-security-update-for-dell-recoverpoint-for-virtual-machines-multiple-vulnerabilities
- https://www.dell.com/support/kbdoc/en-us/000228154/dsa-2024-369-security-update-for-dell-recoverpoint-for-virtual-machines-multiple-vulnerabilities
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.