Jack Backer

Researcher from Northrop Grumman
#38652 of 53,635
7.2 Total CVSS
Vulnerabilities · 1
PT-2018-10844
7.2
2018-02-03
Emc · Boxmgmt Cli · CVE-2018-1184
**Name of the Vulnerable Software and Affected Versions**

- EMC RecoverPoint for Virtual Machines versions prior to 5.1.1
- EMC RecoverPoint version 5.1.0.0
- EMC RecoverPoint versions prior to 5.0.1.3

**Description**

An issue was discovered that allows a malicious user with boxmgmt privileges to bypass Boxmgmt CLI and run arbitrary commands with root privileges due to a command injection vulnerability in Boxmgmt CLI.

**Recommendations**

- For EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, update to version 5.1.1 or later.
- For EMC RecoverPoint version 5.1.0.0, update to a version later than 5.1.0.0.
- For EMC RecoverPoint versions prior to 5.0.1.3, update to version 5.0.1.3 or later.

As a temporary workaround, consider restricting access to the Boxmgmt CLI to minimize the risk of exploitation.