CVE-2024-22445

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published Feb 13, 2024

Updated: Feb 27, 2024

CWE ID 78

Summary

CVE-2024-22445 is a critical vulnerability affecting Dell PowerProtect Data Manager versions 19.15 and below. This issue allows a remote, high privileged attacker to execute arbitrary OS commands on the underlying operating system, potentially resulting in a system takeover. The vulnerability stems from an OS command injection weakness, which could be exploited to gain unauthorized access and control over the application and the system. This flaw poses a significant risk to organizations utilizing Dell PowerProtect Data Manager and emphasizes the importance of promptly applying patches and implementing robust cybersecurity measures.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Vendors

Dell Technologies, Inc.

Advisories, Assessments, and Mitigations

Back to Vulnerability Database