Command injection

2023-05-2307:15:00

PRIOn knowledge base

www.prio-n.com

dell vxrail

command injection

vulnerability

exploitation

local authentication

os commands

privileges

system takeover

nvd

7.8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.2%

JSON

Dell VxRail versions earlier than 7.0.450, contain(s) an OS command injection vulnerability in VxRail Manager. A local authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application’s underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.

CPENameOperatorVersion
vxrail_hyperconverged_infrastructurege7.0.0
vxrail_hyperconverged_infrastructurelt7.0.450

CPE	Name	Operator	Version
	vxrail_hyperconverged_infrastructure	ge	7.0.0
	vxrail_hyperconverged_infrastructure	lt	7.0.450

References

www.dell.com/support/kbdoc/en-us/000213011/dsa-2023-071-dell-vxrail-security-update-for-multiple-third-party-component-vulnerabilities-7-0-450