Privilege Escalation Vulnerability in Dell PowerProtect Cyber Recovery
CVE-2022-32481

7.8HIGH

Key Information:

Vendor: Dell
Status: Cyber Recovery
Vendor: CVE Published:; 7 July 2022

What is CVE-2022-32481?

Dell PowerProtect Cyber Recovery prior to version 19.11 has a vulnerability in its virtual appliance deployments that allows a lower-privileged authenticated user to escalate their privileges to root. By chaining specific docker commands, an attacker can gain complete control over the system, making it critical for users to update to the latest version to mitigate this risk.

Affected Version(s)

Cyber Recovery < 19.11

References

https://support.emc.com/kb/000201213

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 7, 2022
Vulnerability Reserved
Jun 6, 2022