CVE-2022-32481 HIGH

CVE-2022-32481

Vendor Dell
Product Cyber Recovery
Published July 7, 2022
Last update September 17, 2024

CVSS base score

7.8/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Dell PowerProtect Cyber Recovery, versions prior to 19.11, contain a privilege escalation vulnerability on virtual appliance deployments. A lower-privileged authenticated user can chain docker commands to escalate privileges to root leading to complete system takeover.

Key dates

02Disclosure timeline

July 7, 2022 CVE published
September 17, 2024 Record updated