CVE-2024-48007

Dell RecoverPoint for Virtual Machines 6.0.x contains use of hard-coded credentials vulnerability. A Remote unauthenticated attacker could potentially exploit this vulnerability by gaining access to the source code, easily retrieving these secrets and reusing them to access the system leading to gaining access to unauthorized data.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.dell.com/support/kbdoc/en-us/000259765/dsa-2024-429-security-update-for-dell-recoverpoint-for-virtual-machines-multiple-third-party-component-vulnerabilities	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:sp1::::::
	cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:sp1_p1::::::

History

04 Feb 2025, 15:53

Type	Values Removed	Values Added
References	~~() https://www.dell.com/support/kbdoc/en-us/000259765/dsa-2024-429-security-update-for-dell-recoverpoint-for-virtual-machines-multiple-third-party-component-vulnerabilities -~~	() https://www.dell.com/support/kbdoc/en-us/000259765/dsa-2024-429-security-update-for-dell-recoverpoint-for-virtual-machines-multiple-third-party-component-vulnerabilities - Vendor Advisory
CPE		cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:sp1_p1:::::: cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:sp1::::::
CWE		CWE-798
First Time		Dell recoverpoint For Virtual Machines Dell

13 Dec 2024, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-12-13 14:15

Updated : 2025-03-13 16:15

NVD link : CVE-2024-48007

Mitre link : CVE-2024-48007

CVE.ORG link : CVE-2024-48007

JSON object : View

Products Affected

dell

recoverpoint_for_virtual_machines

CWE

CWE-798

Use of Hard-coded Credentials

{"id": "CVE-2024-48007", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security_alert@emc.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2024-12-13T14:15:22.147", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000259765/dsa-2024-429-security-update-for-dell-recoverpoint-for-virtual-machines-multiple-third-party-component-vulnerabilities", "tags": ["Vendor Advisory"], "source": "security_alert@emc.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-798"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-798"}]}], "descriptions": [{"lang": "en", "value": "Dell RecoverPoint for Virtual Machines 6.0.x contains use of hard-coded credentials vulnerability. A Remote unauthenticated attacker could potentially exploit this vulnerability by gaining access to the source code, easily retrieving these secrets and reusing them to access the system leading to gaining access to unauthorized data."}, {"lang": "es", "value": "Dell RecoverPoint for Virtual Machines 6.0.x contiene una vulnerabilidad de uso de credenciales codificadas. Un atacante remoto no autenticado podr\u00eda aprovechar esta vulnerabilidad obteniendo acceso al c\u00f3digo fuente, recuperando f\u00e1cilmente estos secretos y reutiliz\u00e1ndolos para acceder al sistema, lo que le permitir\u00eda obtener acceso a datos no autorizados."}], "lastModified": "2025-03-13T16:15:23.800", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DD0ABCD5-9273-4799-A916-3518ED5EBB46"}, {"criteria": "cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:sp1_p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "800D6F27-0B30-4E0A-94F6-B52367D50761"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}