Command Injection Vulnerability in Dell vApp Manager Software
CVE-2023-48664

7.2HIGH

Key Information:

Vendor: Dell
Status: vApp Manager
Vendor: CVE Published:; 14 December 2023

Summary

Dell vApp Manager prior to version 9.2.4.x is affected by a command injection vulnerability that allows remote users with elevated privileges to execute arbitrary operating system commands. Exploiting this vulnerability could compromise the integrity of the affected system, leading to potential unauthorized access and control.

Affected Version(s)

vApp Manager Versions prior to 9.2.4.x

References

https://www.dell.com/support/kbdoc/en-us/000220427/dsa-20...

vendor-advisory

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 14, 2023
Vulnerability Reserved
Nov 17, 2023

Credit

Dell Technologies would like to thank 33a6099 for reporting these issues.