CVE-2024-48008

Summary

Dell RecoverPoint for Virtual Machines 6.0.x contains a OS Command Injection vulnerability. An Low privileged remote attacker could potentially exploit this vulnerability leading to information disclosure ,allowing of unintended actions like reading files that may contain sensitive information

Affected Software

VendorProductVersion RangeStatus
DellRecoverPoint for Virtual Machines6.0 SP1affected
DellRecoverPoint for Virtual Machines6.0 SP1 P1affected

Weaknesses

  • CWE-11: CWE-11: ASP.NET Misconfiguration: Creating Debug Binary

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References