Command injection

2023-05-2307:15:00

PRIOn knowledge base

www.prio-n.com

dell vxrail

version 7.0.450

dcmanager

command injection

high privileged attacker

arbitrary os commands

system take over

8.1 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.2%

JSON

Dell VxRail, versions prior to 7.0.450, contains an OS command injection Vulnerability in DCManager command-line utility. A local high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application’s underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.

CPENameOperatorVersion
vxrail_hyperconverged_infrastructurege7.0.0
vxrail_hyperconverged_infrastructurelt7.0.450

CPE	Name	Operator	Version
	vxrail_hyperconverged_infrastructure	ge	7.0.0
	vxrail_hyperconverged_infrastructure	lt	7.0.450

References

www.dell.com/support/kbdoc/en-us/000213011/dsa-2023-071-dell-vxrail-security-update-for-multiple-third-party-component-vulnerabilities-7-0-450