Command Injection Vulnerability in Dell vApp Manager Affects System Security
CVE-2023-48665

7.2HIGH

Key Information:

Vendor: Dell
Status: vApp Manager,
Vendor: CVE Published:; 14 December 2023

Summary

Dell vApp Manager versions prior to 9.2.4.x are susceptible to a command injection vulnerability. A remote attacker with elevated privileges could exploit this flaw, enabling them to execute arbitrary operating system commands on the compromised system. This situation poses a significant risk to the integrity and confidentiality of the affected installations, necessitating prompt attention and remediation.

Affected Version(s)

vApp Manager, Versions prior to 9.2.4.x

References

https://www.dell.com/support/kbdoc/en-us/000220427/dsa-20...

vendor-advisory

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 14, 2023
Vulnerability Reserved
Nov 17, 2023

Credit

Dell Technologies would like to thank 33a6099 for reporting these issues.