← back
CVE-2024-48007

CVE-2024-48007

CVSS 5.3 MEDIUMEPSS 0.4%CWE-798
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.3EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch referenciado
Lifecycle
13 Dec 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Dell RecoverPoint for Virtual Machines 6.0.x contains use of hard-coded credentials vulnerability. A Remote unauthenticated attacker could potentially exploit this vulnerability by gaining access to the source code, easily retrieving these secrets and reusing them to access the system leading to gaining access to unauthorized data.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected products
Dell · RecoverPoint for Virtual Machines

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.dell.com/support/kbdoc/en-us/000259765/dsa-2024-429-security-update-for-dell-recoverpoint-for-virtual-machines-multiple-third-party-component-vulnerabilities