CVE-2024-22461

Name of the Vulnerable Software and Affected Versions Dell RecoverPoint for Virtual Machines version 6.0.x

Description The issue is related to an OS Command injection vulnerability. A low privileged remote attacker could potentially exploit this vulnerability by running any command as root, leading to gaining of root-level access and compromise of the complete system. This could allow the attacker to elevate their privileges to the root level.

Recommendations For version 6.0.x, consider restricting access to the system until a patch is available, and avoid using any commands that could be exploited by the vulnerability. As a temporary workaround, consider disabling any functionality that allows remote command execution until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.