PT-2018-11137 · Dell Emc · Dell Emc Recoverpoint For Vms+1

Paul Taylor

Published

2018-05-29

Updated

2019-10-03

CVE-2018-1235

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Dell EMC RecoverPoint versions prior to 5.1.2 Dell EMC RecoverPoint for VMs versions prior to 5.1.1.3

Description The issue allows an unauthenticated remote attacker to potentially execute arbitrary commands on the affected system with root privilege due to a command injection vulnerability.

Recommendations For Dell EMC RecoverPoint versions prior to 5.1.2, update to version 5.1.2 or later. For Dell EMC RecoverPoint for VMs versions prior to 5.1.1.3, update to version 5.1.1.3 or later.

Exploit

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2018-1235

Affected Products

Dell Emc Recoverpoint

Dell Emc Recoverpoint For Vms

PT-2018-11137 · Dell Emc · Dell Emc Recoverpoint For Vms+1

CVE-2018-1235

Weakness Enumeration

Related Identifiers

Affected Products

References · 5