PT-2018-10850 · Emc · Emc Recoverpoint+1

Paul Taylor

Published

2018-02-03

Updated

2021-05-26

CVE-2018-1185

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions EMC RecoverPoint for Virtual Machines versions prior to 5.1.1 EMC RecoverPoint version 5.1.0.0 EMC RecoverPoint versions prior to 5.0.1.3

Description An issue was discovered that allows a malicious user with admin privileges to escape from the restricted shell to an interactive shell and run arbitrary commands with root privileges due to a command injection vulnerability in the Admin CLI.

Recommendations For EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, update to version 5.1.1 or later. For EMC RecoverPoint version 5.1.0.0, update to a version later than 5.1.0.0. For EMC RecoverPoint versions prior to 5.0.1.3, update to version 5.0.1.3 or later.

Exploit

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2018-1185

Affected Products

Emc Recoverpoint

Dell Recoverpoint For Virtual Machines

PT-2018-10850 · Emc · Emc Recoverpoint+1

CVE-2018-1185

Weakness Enumeration

Related Identifiers

Affected Products

References · 5