CVE-2024-22426

HIGH

Dell RecoverPoint for Virtual Machines <6.0.SP1 - Command Injection

Title source: llm

Description

Dell RecoverPoint for Virtual Machines 5.3.x, 6.0.SP1 contains an OS command injection vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to execute arbitrary operating system commands, which are executed in the context of the root user, resulting in a complete system compromise.

Scores

CVSS v3 7.2
EPSS 0.0079
EPSS Percentile 73.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-78 CWE-434
Status published
Products (2)
dell/recoverpoint_for_virtual_machines 5.3 sp2 (6 CPE variants)
dell/recoverpoint_for_virtual_machines 6.0 sp1
Published Feb 16, 2024
Tracked Since Feb 18, 2026