Command Injection Vulnerability in Dell vApp Manager
CVE-2023-48662

7.2HIGH

Key Information:

Vendor: Dell
Status: vApp Manager
Vendor: CVE Published:; 14 December 2023

Summary

Dell vApp Manager, prior to version 9.2.4.x, is susceptible to a command injection vulnerability that allows a remote attacker with elevated privileges to execute arbitrary operating system commands. This exploitation potential poses a significant security risk to the affected systems, as it can lead to unauthorized access and control. Organizations using impacted versions are advised to update to the latest version to mitigate this vulnerability and secure their systems.

Affected Version(s)

vApp Manager Versions prior to 9.2.4.x

References

https://www.dell.com/support/kbdoc/en-us/000220427/dsa-20...

vendor-advisory

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 14, 2023
Vulnerability Reserved
Nov 17, 2023

Credit

Dell Technologies would like to thank 33a6099 for reporting these issues.