← back
CVE-2024-22426

CVE-2024-22426

CVSS 7.2 HIGHEPSS 1.4%CWE-434
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.2EPSS 1.4%KEV nãoPoC Nuclei Metasploit Patch referenciado
Lifecycle
16 Feb 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Dell RecoverPoint for Virtual Machines 5.3.x, 6.0.SP1 contains an OS Command injection vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to execute arbitrary operating system commands, which will get executed in the context of the root user, resulting in a complete system compromise.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected products
Dell · RecoverPoint for VMs

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.dell.com/support/kbdoc/en-us/000222133/dsa-2024-092-security-update-for-dell-recoverpoint-for-virtual-machines-multiple-vulnerabilitieshttps://www.dell.com/support/kbdoc/en-us/000228154/dsa-2024-369-security-update-for-dell-recoverpoint-for-virtual-machines-multiple-vulnerabilities