CVE-2024-22426

{"id": "CVE-2024-22426", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security_alert@emc.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2024-02-16T12:15:08.537", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000222133/dsa-2024-092-security-update-for-dell-recoverpoint-for-virtual-machines-multiple-vulnerabilities", "tags": ["Vendor Advisory"], "source": "security_alert@emc.com"}, {"url": "https://www.dell.com/support/kbdoc/en-us/000228154/dsa-2024-369-security-update-for-dell-recoverpoint-for-virtual-machines-multiple-vulnerabilities", "tags": ["Vendor Advisory"], "source": "security_alert@emc.com"}, {"url": "https://www.dell.com/support/kbdoc/en-us/000222133/dsa-2024-092-security-update-for-dell-recoverpoint-for-virtual-machines-multiple-vulnerabilities", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security_alert@emc.com", "description": [{"lang": "en", "value": "CWE-434"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "Dell RecoverPoint for Virtual Machines 5.3.x, 6.0.SP1 contains an OS Command injection vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to execute arbitrary operating system commands, which will get executed in the context of the root user, resulting in a complete system compromise."}, {"lang": "es", "value": "Dell RecoverPoint for Virtual Machines 5.3.x contiene una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo. Un atacante remoto no autenticado podr\u00eda explotar esta vulnerabilidad, lo que llevar\u00eda a ejecutar comandos arbitrarios del sistema operativo, que se ejecutar\u00e1n en el contexto del usuario ra\u00edz, lo que comprometer\u00eda completamente el sistema."}], "lastModified": "2025-01-23T16:50:56.417", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dell:recoverpoint_for_virtual_machines:5.3:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D63758C-7150-4B89-BD05-08AAA2C3D018"}, {"criteria": "cpe:2.3:a:dell:recoverpoint_for_virtual_machines:5.3:sp2_p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AE782786-D263-4946-8CDF-8FDA831FC6C9"}, {"criteria": "cpe:2.3:a:dell:recoverpoint_for_virtual_machines:5.3:sp2_p2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7494092A-686D-4AE7-B420-80586564FA27"}, {"criteria": "cpe:2.3:a:dell:recoverpoint_for_virtual_machines:5.3:sp2_p4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F113FDFF-78AC-4F85-82B6-A01F2DD12CAB"}, {"criteria": "cpe:2.3:a:dell:recoverpoint_for_virtual_machines:5.3:sp3_p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FE37056B-7198-4A83-8912-99DA65E6D889"}, {"criteria": "cpe:2.3:a:dell:recoverpoint_for_virtual_machines:5.3:sp3_p2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B31D991B-B2BB-4D75-AA16-B47A87D556FB"}, {"criteria": "cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DD0ABCD5-9273-4799-A916-3518ED5EBB46"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}