CVE-2024-25955OS Command Injection in Dell Virtual Appliance Manager

CWE-78OS Command InjectionCWE-77Command Injection3 documents3 sources
Severity
8.8HIGHNVD
CNA7.2
EPSS
0.4%
top 37.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Dell Virtual Appliance ManagerDell Solutions Enabler Virtual ApplianceDell Unisphere FOR Powermax Virtual Appliance+1 more
Timeline
PublishedMar 28

Description

Dell vApp Manager, versions prior to 9.2.4.9 contain a Command Injection Vulnerability. An authorized attacker could potentially exploit this vulnerability leading to an execution of an inserted command. Dell recommends customers to upgrade at the earliest opportunity.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

CVEListV5dell/virtual_appliance_managerN/A9.2.4.9+2
NVDdell/unisphere< 9.2.4.9

🔴Vulnerability Details

2
GHSA
GHSA-j9cj-hqr5-3wcm: Dell vApp Manager, versions prior to 92024-03-28
CVEList
CVE-2024-25955: Dell vApp Manager, versions prior to 92024-03-28
CVE-2024-25955 — OS Command Injection in Dell | cvebase