Main Vulnerability Database Vulnerabilities #VU102867

OS Command Injection in RecoverPoint for VMs - CVE-2024-22426

Published: January 16, 2025

Vulnerability identifier: #VU102867

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2024-22426

CWE-ID: CWE-78

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Dell

Affected software:
RecoverPoint for VMs

Detailed vulnerability description

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to execute arbitrary operating system commands, which will get executed in the context of the root user, resulting in a complete system compromise.

How to mitigate CVE-2024-22426

Install updates from vendor's website.

Sources

https://www.dell.com/support/kbdoc/en-us/000222133/dsa-2024-092-security-update-for-dell-recoverpoint-for-virtual-machines-multiple-vulnerabilities
https://www.dell.com/support/kbdoc/en-us/000228154/dsa-2024-369-security-update-for-dell-recoverpoint-for-virtual-machines-multiple-vulnerabilities

OS Command Injection in RecoverPoint for VMs - CVE-2024-22426

Detailed vulnerability description

How to mitigate CVE-2024-22426

Sources

Please verify you're human