CVE-2024-48007

MEDIUM

Dell RecoverPoint for Virtual Machines 6.0.x - Unauthenticated Use of Hard-coded Credentials

Title source: llm

Description

Dell RecoverPoint for Virtual Machines 6.0.x contains use of hard-coded credentials vulnerability. A Remote unauthenticated attacker could potentially exploit this vulnerability by gaining access to the source code, easily retrieving these secrets and reusing them to access the system leading to gaining access to unauthorized data.

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory

https://www.dell.com/support/kbdoc/en-us/000259765/dsa-2024-429-security-update-for-dell-recoverpoint-for-virtual-machines-multiple-third-party-component-vulnerabilities

Scores

CVSS v3 5.3

EPSS 0.0069

EPSS Percentile 72.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-798

Status published

Products (1)

dell/recoverpoint_for_virtual_machines 6.0 sp1 (2 CPE variants)

Published Dec 13, 2024

Tracked Since Feb 18, 2026