CVE-2024-22461

Summary

Dell RecoverPoint for Virtual Machines 6.0.x contains an OS Command injection vulnerability. A low privileged remote attacker could potentially exploit this vulnerability by running any command as root, leading to gaining of root-level access and compromise of complete system.

Affected Software

VendorProductVersion RangeStatus
DellRecoverPoint for Virtual Machines6.0 SP1affected
DellRecoverPoint for Virtual Machines6.0 SP1 P1affected

Weaknesses

  • CWE-347: CWE-347: Improper Verification of Cryptographic Signature

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References