CVE-2026-22769

Dell · RecoverPoint for Virtual Machines

Dell RecoverPoint for Virtual Machines contains hardcoded credentials that allow unauthenticated remote attackers to gain root-level access and establish persistence.

Executive summary

A critical hardcoded credential vulnerability in Dell RecoverPoint for Virtual Machines allows unauthenticated attackers to gain full root access to the underlying operating system.

Vulnerability

This vulnerability involves the presence of hardcoded credentials within the software. An unauthenticated remote attacker with knowledge of these credentials can log into the system, obtaining root-level privileges and the ability to maintain long-term persistence.

Business impact

The impact is extreme, as it provides a direct path for attackers to compromise virtual machine backup and recovery infrastructure. The CVSS score of 10.0 indicates the highest possible risk, including the potential for complete data loss, ransomware deployment, and total infrastructure takeover.

Remediation

Immediate Action: Apply the 6.0.3.1 HF1 update or later, as recommended by Dell, to remove the hardcoded credentials.

Proactive Monitoring: Check for unauthorized SSH logins or new root-level accounts and monitor for any unusual persistence mechanisms in the operating system.

Compensating Controls: Disable remote access to the management console and isolate the RecoverPoint environment within a secure management VLAN.
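One way to carry out the proactive monitoring step above, as an added example that is not from Dell or from this advisory: it flags accepted SSH logins from outside the management network and UID 0 accounts other than root. It assumes the standard OpenSSH syslog line format and a hypothetical management range of 10.20.30.0/24; the hostname, log lines and passwd entries are constructed samples.

```python
import ipaddress
import re

# Assumption: management VLAN range; replace with your own.
MGMT_NET = ipaddress.ip_network("10.20.30.0/24")

# Standard OpenSSH success line: "Accepted <method> for <user> from <ip> port <n> ssh2"
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+) port \d+")

def suspicious_logins(auth_log_text, allowed_net=MGMT_NET):
    """Return (user, source_ip, method) for accepted SSH logins from outside allowed_net."""
    hits = []
    for line in auth_log_text.splitlines():
        m = ACCEPTED.search(line)
        if not m:
            continue  # failed attempts and unrelated lines are ignored here
        method, user, src = m.groups()
        try:
            inside = ipaddress.ip_address(src) in allowed_net
        except ValueError:
            inside = False  # unparsable source address: treat as suspicious
        if not inside:
            hits.append((user, src, method))
    return hits

def extra_uid0_accounts(passwd_text):
    """Return account names with UID 0 other than 'root' from /etc/passwd content."""
    names = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 7 and fields[2] == "0" and fields[0] != "root":
            names.append(fields[0])
    return names

# Constructed sample data (not taken from a real appliance).
SAMPLE_AUTH_LOG = """\
Feb 10 03:12:44 rp4vm sshd[2211]: Accepted password for root from 10.20.30.15 port 50122 ssh2
Feb 10 03:14:02 rp4vm sshd[2240]: Failed password for root from 198.51.100.7 port 41822 ssh2
Feb 10 03:14:09 rp4vm sshd[2243]: Accepted password for root from 198.51.100.7 port 41830 ssh2
Feb 10 03:20:31 rp4vm sshd[2302]: Accepted publickey for root from 2001:db8::5 port 40022 ssh2
"""
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
svc_backup:x:0:0::/home/svc_backup:/bin/bash
"""

if __name__ == "__main__":
    for user, src, method in suspicious_logins(SAMPLE_AUTH_LOG):
        print(f"SSH login outside management network: {user} from {src} ({method})")
    for name in extra_uid0_accounts(SAMPLE_PASSWD):
        print(f"Unexpected UID 0 account: {name}")
```

On a live system, pass in the contents of the SSH authentication log and `/etc/passwd` in place of the samples.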

Exploitation status

Public Exploit Available: false

Analyst recommendation

With a CVSS score of 10.0, this is a "patch now" emergency. Administrators must prioritize the application of the Dell security update to prevent unauthorized actors from using known credentials to seize control of critical backup systems.