PT-2018-10844 · Emc · Boxmgmt Cli+2
Alexander Gonzalez
+3
·
Published
2018-02-03
·
Updated
2021-05-24
·
CVE-2018-1184
CVSS v2.0
7.2
High
| Vector | AV:L/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
EMC RecoverPoint for Virtual Machines versions prior to 5.1.1
EMC RecoverPoint version 5.1.0.0
EMC RecoverPoint versions prior to 5.0.1.3
Description
An issue was discovered that allows a malicious user with boxmgmt privileges to bypass Boxmgmt CLI and run arbitrary commands with root privileges due to a command injection vulnerability in Boxmgmt CLI.
Recommendations
For EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, update to version 5.1.1 or later.
For EMC RecoverPoint version 5.1.0.0, update to a version later than 5.1.0.0.
For EMC RecoverPoint versions prior to 5.0.1.3, update to version 5.0.1.3 or later.
As a temporary workaround, consider restricting access to the Boxmgmt CLI to minimize the risk of exploitation.
Fix
OS Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Boxmgmt Cli
Emc Recoverpoint
Dell Recoverpoint For Virtual Machines