CVE-2024-48008

5.3 MEDIUM

📋 TL;DR

Dell RecoverPoint for Virtual Machines 6.0.x contains an OS command injection vulnerability that allows a low-privileged, authenticated remote attacker to execute arbitrary commands on the appliance. This could lead to information disclosure by reading sensitive files. Organizations running affected versions of this backup/recovery software are at risk.
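The bug class in working form, as an added example that is not Dell's code (RecoverPoint's source is not public and the exact injection point is not described on this page): a hypothetical "lookup" feature that interpolates a caller-supplied target into a shell string, beside a hardened version that allow-lists the input and passes argv without a shell. The base command is echo so the demonstration is harmless, and the payload is constructed.

```python
"""OS command injection: vulnerable pattern beside the hardened one.

Added illustration of the bug class. The 'lookup' feature, its argument and
the allow-list are assumptions for the example; this is not RecoverPoint code.
"""
import re
import subprocess

# Hypothetical allow-list: hostname or IPv4 literal characters, no leading '-'.
TARGET_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9.\-]{0,252}$")

# Constructed attacker input: the ';' ends the intended command and starts another.
PAYLOAD = "10.0.0.5; echo INJECTED"


def lookup_vulnerable(target: str) -> str:
    """Interpolates untrusted input into a string that /bin/sh parses.

    Every shell metacharacter in `target` (';', '|', '&&', '`', '$()') is
    honoured, so the caller's input chooses what runs. With a real base
    command the second command could just as well be `cat /etc/shadow`.
    """
    completed = subprocess.run(
        f"echo lookup {target}",
        shell=True, capture_output=True, text=True, check=False,
    )
    return completed.stdout


def lookup_argv_only(target: str) -> str:
    """No shell: argv goes straight to execve, so metacharacters are inert bytes.

    This alone stops injection into this command, but the target still reaches
    the program unfiltered (a value starting with '-' can be read as an option
    by many tools), hence the allow-list in lookup_hardened.
    """
    completed = subprocess.run(
        ["echo", "lookup", target],
        shell=False, capture_output=True, text=True, check=False,
    )
    return completed.stdout


def lookup_hardened(target: str) -> str:
    """Allow-list the input, then run without a shell (defence in depth)."""
    if not TARGET_RE.fullmatch(target):
        raise ValueError(f"rejected target: {target!r}")
    return lookup_argv_only(target)


if __name__ == "__main__":
    print(lookup_vulnerable(PAYLOAD), end="")   # two lines: the lookup, then INJECTED
    print(lookup_argv_only(PAYLOAD), end="")    # one line, payload printed literally
    try:
        lookup_hardened(PAYLOAD)
    except ValueError as exc:
        print("hardened:", exc)
    print(lookup_hardened("10.0.0.5"), end="")  # lookup 10.0.0.5
```

The vulnerable call prints two lines because /bin/sh ran two commands; the argv version prints the whole payload as one literal argument; the hardened version refuses the payload before anything runs.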

💻 Affected Systems

Products:
  • Dell RecoverPoint for Virtual Machines
Versions: 6.0.x
Operating Systems: Linux-based appliance
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the virtual appliance deployment model. Requires network access to the management interface and a low-privileged account on it.

📦 What is this software?

Dell RecoverPoint for Virtual Machines is Dell's backup and recovery product for virtual machines, deployed as a Linux-based virtual appliance and administered through a web interface and CLI. Because the appliance stores backup data and the configuration and credentials needed to reach the protected infrastructure, compromise of it exposes far more than the appliance itself.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise through privilege escalation, data exfiltration, or deployment of ransomware across virtual infrastructure.

🟠

Likely Case

Information disclosure of sensitive configuration files, credentials, or backup data stored on the system.

🟢

If Mitigated

Limited impact if network segmentation restricts access and least privilege principles are enforced.

🌐 Internet-Facing: HIGH if exposed to the internet: any remote attacker who obtains or guesses a low-privileged account on the management interface can exploit it, and a backup appliance's management interface should not be reachable from the internet in the first place.
🏢 Internal Only: MEDIUM as internal attackers with low privileges could exploit, but network controls may limit access.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires low-privileged access (not unauthenticated). Command injection vulnerabilities typically have low exploitation complexity once access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Update to the remediated version listed in DSA-2024-429

Vendor Advisory: https://www.dell.com/support/kbdoc/en-us/000259765/dsa-2024-429-security-update-for-dell-recoverpoint-for-virtual-machines-multiple-third-party-component-vulnerabilities

Restart Required: Yes

Instructions:

1. Review Dell Security Advisory DSA-2024-429.
2. Download the appropriate update from Dell Support.
3. Apply the update following Dell's documented procedures.
4. Restart the RecoverPoint appliance as required.

🔧 Temporary Workarounds

Network Segmentation


Restrict network access to RecoverPoint management interface to trusted administrative networks only.

Principle of Least Privilege


Minimize the number of users with access to RecoverPoint and ensure they have only necessary permissions.

🧯 If You Can't Patch

  • Implement strict network access controls to limit exposure to trusted IP addresses only.
  • Monitor for unusual command execution patterns and file access attempts on the RecoverPoint system.

🔍 How to Verify

Check if Vulnerable:

Check the running version in the RecoverPoint web interface or CLI. If it is a 6.0.x release that predates the remediated version named in DSA-2024-429, the system is vulnerable.

Check Version:

Connect to the RecoverPoint CLI and run the appliance's version command (the exact syntax is in Dell's RecoverPoint documentation); the web interface shows the same version string.

Verify Fix Applied:

Confirm the running version matches or exceeds the remediated version listed in DSA-2024-429, and that the appliance was restarted after the update.

📡 Detection & Monitoring

Log Indicators:

  • Shell metacharacters (;, |, &&, backticks, $( )) in parameters submitted to the management interface, checked after URL-decoding each parameter
  • Unexpected reads of sensitive paths such as /etc/passwd or /etc/shadow, and child processes spawned by the management service that it does not normally run

Network Indicators:

  • Unusual outbound connections from RecoverPoint appliance
  • Traffic patterns suggesting data exfiltration

SIEM Query:

source="recoverpoint" AND (event_type="command_execution" OR file_access="/etc/passwd" OR file_access="/etc/shadow")

The source and field names above are placeholders; map them to the names your log pipeline actually assigns to RecoverPoint events. Match on decoded request parameters, since an injection payload normally arrives URL-encoded (%3B for ;, %60 for a backtick) and a plain string search on the raw line misses it.
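Detection logic for the two log indicators listed above, as an added example with a constructed log sample. The key=value access-log format and its field names are assumptions standing in for RecoverPoint's real management-interface logs, so the parser is the part to swap for your own source. It splits the query string into parameters and decodes each value before matching, which is what a raw string search misses.

```python
"""Flag command-injection and sensitive-file-read attempts in request logs.

Added example with a constructed log sample. The key=value line format and
field names are assumptions standing in for RecoverPoint's real management
interface logs; replace LINE_RE with a parser for your actual source.
"""
import re
from urllib.parse import parse_qsl

# Metacharacters an injection payload needs to escape the intended command.
# A literal '&' inside a legitimate value arrives as %26, so '&' is a usable
# signal once parameters are split and decoded individually (see parse_line).
METACHAR_RE = re.compile(r"[;&|`<>]|\$\(|\$\{")

# Targets matching the advisory's likely case: credentials and configuration.
SENSITIVE_PATH_RE = re.compile(r"/etc/(?:passwd|shadow|sudoers)\b|/root/|\.ssh/|\.pem\b")

# Constructed sample: normal traffic interleaved with three suspicious requests.
SAMPLE_LOG = """\
2024-11-20T10:01:02Z src=10.10.5.21 user=rpuser path=/api/hosts params=host=10.0.0.5 status=200
2024-11-20T10:01:09Z src=10.10.5.21 user=rpuser path=/api/hosts params=host=10.0.0.5%3Bcat%20/etc/shadow status=200
2024-11-20T10:02:33Z src=10.10.5.40 user=ops path=/api/diag params=target=%60id%60&verbose=1 status=200
2024-11-20T10:03:10Z src=10.10.5.40 user=ops path=/api/diag params=target=backup-01.corp.example&verbose=1 status=200
2024-11-20T10:04:44Z src=10.10.5.22 user=rpuser path=/api/export params=file=..%2F..%2Fetc%2Fpasswd status=403
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) path=(?P<path>\S+) "
    r"params=(?P<params>\S*) status=(?P<status>\d+)$"
)


def parse_line(line: str):
    """Return the record as a dict with decoded parameters, or None if the
    line does not match the assumed format."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    # Split on '&' first, then percent-decode each value: decoding the whole
    # query string first would turn an encoded %26 into a false separator.
    rec["params"] = dict(parse_qsl(rec["params"], keep_blank_values=True))
    return rec


def classify(params: dict) -> list:
    """Reasons a request looks like injection or sensitive-file access."""
    reasons = []
    values = " ".join(params.values())
    if METACHAR_RE.search(values):
        reasons.append("shell-metachar")
    if SENSITIVE_PATH_RE.search(values):
        reasons.append("sensitive-path")
    return reasons


def scan(log_text: str) -> list:
    """Return one hit per suspicious line, keeping who/where/what for triage.
    A 403 still counts: a blocked attempt is evidence of someone probing."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        reasons = classify(rec["params"])
        if reasons:
            hits.append({
                **{k: rec[k] for k in ("ts", "src", "user", "path", "status")},
                "params": rec["params"],
                "reasons": reasons,
            })
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit["ts"], hit["src"], hit["user"], hit["path"], hit["reasons"], hit["params"])
```

On the sample the scanner flags three of the five lines: the ;-separated `cat /etc/shadow`, the backtick-wrapped `id`, and the blocked traversal to /etc/passwd, while the request whose query string legitimately contains & as a separator is left alone. Tune the two regular expressions to the parameters your appliance actually accepts before alerting on them.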

🔗 References

  • Dell Security Advisory DSA-2024-429: https://www.dell.com/support/kbdoc/en-us/000259765/dsa-2024-429-security-update-for-dell-recoverpoint-for-virtual-machines-multiple-third-party-component-vulnerabilities
