CVE-2024-25955

Summary

Dell vApp Manager, versions prior to 9.2.4.9 contain a Command Injection Vulnerability. An authorized attacker could potentially exploit this vulnerability leading to an execution of an inserted command. Dell recommends customers to upgrade at the earliest opportunity.

Affected Software

VendorProductVersion RangeStatus
DellVirtual Appliance (vApp) ManagerN/A < 9.2.4.9affected
DellVirtual Appliance (vApp) ManagerN/A < 9.2.4.6affected
DellVirtual Appliance (vApp) ManagerN/A < 5978affected

Weaknesses

  • CWE-78: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References