PT-2018-10844 · Emc · Boxmgmt Cli+2

Alexander Gonzalez

Publicado

2018-02-03

Atualizado

2021-05-24

CVE-2018-1184

CVSS v2.0

7.2

Alta

Vetor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions EMC RecoverPoint for Virtual Machines versions prior to 5.1.1 EMC RecoverPoint version 5.1.0.0 EMC RecoverPoint versions prior to 5.0.1.3

Description An issue was discovered that allows a malicious user with boxmgmt privileges to bypass Boxmgmt CLI and run arbitrary commands with root privileges due to a command injection vulnerability in Boxmgmt CLI.

Recommendations For EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, update to version 5.1.1 or later. For EMC RecoverPoint version 5.1.0.0, update to a version later than 5.1.0.0. For EMC RecoverPoint versions prior to 5.0.1.3, update to version 5.0.1.3 or later. As a temporary workaround, consider restricting access to the Boxmgmt CLI to minimize the risk of exploitation.

Correção

OS Command Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-78

Identificadores relacionados

CVE-2018-1184

Produtos afetados

Boxmgmt Cli

Emc Recoverpoint

Dell Recoverpoint For Virtual Machines

PT-2018-10844 · Emc · Boxmgmt Cli+2

CVE-2018-1184

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5