Dell RecoverPoint VM 5.3.x/6.0.SP1 OS Command Injection Vulnerability
CVE-2024-22426 Published on February 16, 2024
Dell RecoverPoint for Virtual Machines 5.3.x, 6.0.SP1 contains an OS Command injection vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to execute arbitrary operating system commands, which will get executed in the context of the root user, resulting in a complete system compromise.
Vulnerability Analysis
CVE-2024-22426 is exploitable with network access, and requires user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
What is an Unrestricted File Upload Vulnerability?
The software allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.
CVE-2024-22426 has been classified to as an Unrestricted File Upload vulnerability or weakness.
Products Associated with CVE-2024-22426
Want to know whenever a new CVE is published for Dell Recoverpoint Virtual Machines? stack.watch will email you.
Affected Versions
Dell RecoverPoint for VMs:- Version 5.3 SP2 is affected.
- Version 5.3 SP2 P1 is affected.
- Version 5.3 SP2 P2 is affected.
- Version 5.3 SP2 P4 is affected.
- Version 5.3 SP3 P1 is affected.
- Version 5.3 SP3 P2 is affected.
- Version 6.0.SP1 is affected.
- Version 5.3_sp2 is affected.
- Version 5.3_sp2_p1 is affected.
- Version 5.3_sp2_p2 is affected.
- Version 5.3_sp2_p4 is affected.
- Version 5.3_sp3_p1 is affected.
- Version 5.3_sp3_p2 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.