CVE-2024-22461

Published: Dec 13, 2024Modified: Feb 4, 2025

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Dell RecoverPoint for Virtual Machines 6.0.x contains an OS Command injection vulnerability. A low privileged remote attacker could potentially exploit this vulnerability by running any command as root, leading to gaining of root-level access and compromise of complete system.

Affected (2)

Products: Dell: Recoverpoint For Virtual Machines

1 product

Recoverpoint For Virtual Machines

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Dell Recoverpoint For Virtual Machines	Version 6.0 sp1
Dell Recoverpoint For Virtual Machines	Version 6.0 sp1_p1

Related CWEs

Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (1)

https://www.dell.com/support/kbdoc/en-us/000259765/dsa-2024-429-security-update-for-dell-recoverpoint-for-virtual-machines-multiple-third-party-component-vulnerabilities

Source: security_alert@emc.com

Vendor Advisory

Timeline

No history available yet.