CVE-2024-22426

Published Feb 16, 2024

Last updated 2 months ago

CVSS high 7.2

Overview

Description: Dell RecoverPoint for Virtual Machines 5.3.x, 6.0.SP1 contains an OS Command injection vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to execute arbitrary operating system commands, which will get executed in the context of the root user, resulting in a complete system compromise.
Source: security_alert@emc.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

security_alert@emc.com: CWE-434
nvd@nist.gov: CWE-78

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:dell:recoverpoint_for_virtual_machines:5.3:sp2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0D63758C-7150-4B89-BD05-08AAA2C3D018"
          },
          {
            "criteria": "cpe:2.3:a:dell:recoverpoint_for_virtual_machines:5.3:sp2_p1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AE782786-D263-4946-8CDF-8FDA831FC6C9"
          },
          {
            "criteria": "cpe:2.3:a:dell:recoverpoint_for_virtual_machines:5.3:sp2_p2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7494092A-686D-4AE7-B420-80586564FA27"
          },
          {
            "criteria": "cpe:2.3:a:dell:recoverpoint_for_virtual_machines:5.3:sp2_p4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F113FDFF-78AC-4F85-82B6-A01F2DD12CAB"
          },
          {
            "criteria": "cpe:2.3:a:dell:recoverpoint_for_virtual_machines:5.3:sp3_p1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FE37056B-7198-4A83-8912-99DA65E6D889"
          },
          {
            "criteria": "cpe:2.3:a:dell:recoverpoint_for_virtual_machines:5.3:sp3_p2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B31D991B-B2BB-4D75-AA16-B47A87D556FB"
          },
          {
            "criteria": "cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:sp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DD0ABCD5-9273-4799-A916-3518ED5EBB46"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References