PT-2018-11158 · Dell Emc · Dell Emc Recoverpoint For Vms+2

Published

2018-05-29

Updated

2020-08-24

CVE-2018-1242

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Dell EMC RecoverPoint versions prior to 5.1.2 Dell EMC RecoverPoint for VMs versions prior to 5.1.1.3

Description The issue concerns a command injection vulnerability in the Boxmgmt CLI. An authenticated malicious user with boxmgmt privileges may potentially exploit this vulnerability to read RPA files, although files requiring root permission cannot be read.

Recommendations For Dell EMC RecoverPoint versions prior to 5.1.2, update to version 5.1.2 or later. For Dell EMC RecoverPoint for VMs versions prior to 5.1.1.3, update to version 5.1.1.3 or later.

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2018-1242

Affected Products

Boxmgmt Cli

Dell Emc Recoverpoint

Dell Emc Recoverpoint For Vms

PT-2018-11158 · Dell Emc · Dell Emc Recoverpoint For Vms+2

CVE-2018-1242

Weakness Enumeration

Related Identifiers

Affected Products

References · 4