Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-22426

Dell RecoverPoint for Virtual Machines 5.3.x, 6.0.SP1 contains an OS Command injection vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to execute arbitrary operating system commands, which will get executed in the context of the root user, resulting in a complete system compromise.

Published

2024-02-16T12:15:08.537

Last Modified

2025-01-23T16:50:56.417

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.2 (HIGH)

Weaknesses

Type: Secondary
CWE-434
Type: Primary
CWE-78

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	dell	recoverpoint_for_virtual_machines	5.3	Yes
Application	dell	recoverpoint_for_virtual_machines	5.3	Yes
Application	dell	recoverpoint_for_virtual_machines	5.3	Yes
Application	dell	recoverpoint_for_virtual_machines	5.3	Yes
Application	dell	recoverpoint_for_virtual_machines	5.3	Yes
Application	dell	recoverpoint_for_virtual_machines	5.3	Yes
Application	dell	recoverpoint_for_virtual_machines	6.0	Yes

References

https://www.dell.com/support/kbdoc/en-us/000222133/dsa-2024-092-security-update-for-dell-recoverpoint-for-virtual-machines-multiple-vulnerabilities Vendor Advisory ([email protected])
https://www.dell.com/support/kbdoc/en-us/000228154/dsa-2024-369-security-update-for-dell-recoverpoint-for-virtual-machines-multiple-vulnerabilities Vendor Advisory ([email protected])
https://www.dell.com/support/kbdoc/en-us/000222133/dsa-2024-092-security-update-for-dell-recoverpoint-for-virtual-machines-multiple-vulnerabilities Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)