Command Injection Vulnerability in Dell vApp Manager
CVE-2023-48663

7.2HIGH

Key Information:

Vendor: Dell
Status: vApp Manager
Vendor: CVE Published:; 14 December 2023

Summary

Dell vApp Manager prior to version 9.2.4.x is susceptible to a command injection vulnerability that allows a remote attacker with elevated privileges to potentially execute arbitrary OS commands on the affected system. This issue raises significant security concerns, as it could be exploited to gain unauthorized access and control over system functions, undermining the integrity and confidentiality of the system.

Affected Version(s)

vApp Manager Versions prior to 9.2.4.x

References

https://www.dell.com/support/kbdoc/en-us/000220427/dsa-20...

vendor-advisory

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 14, 2023
Vulnerability Reserved
Nov 17, 2023

Credit

Dell Technologies would like to thank 33a6099 for reporting these issues.