PT-2024-9592 · Dell · Dell RecoverPoint for Virtual Machines
Published: 2024-12-13 · Updated: 2024-12-14 · CVE-2024-48008
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Dell RecoverPoint for Virtual Machines versions 6.0.x
Description
Dell RecoverPoint for Virtual Machines 6.0.x contains an OS Command Injection vulnerability. A low-privileged remote attacker could potentially exploit this vulnerability, leading to information disclosure. This could allow unintended actions, such as reading files that may contain sensitive information. The vulnerability is associated with a configuration error in ASP.NET, specifically the creation of a debug binary file.
Recommendations
For Dell RecoverPoint for Virtual Machines version 6.0.x, consider restricting access to sensitive files and configuring the system to minimize the risk of exploitation until a patch is available. As a temporary workaround, restrict the use of system commands to prevent potential information disclosure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
OS Command Injection
Related Identifiers
Affected Products
Asp.Net
Dell Recoverpoint For Virtual Machines