CVE-2018-1185

Published: 03/02/2018 Updated: 26/05/2021
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 6.7 | Impact Score: 5.9 | Exploitability Score: 0.8
VMScore: 725
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

An issue exists in EMC RecoverPoint for Virtual Machines versions before 5.1.1, EMC RecoverPoint version 5.1.0.0, and EMC RecoverPoint versions before 5.0.1.3. Command injection vulnerability in Admin CLI may allow a malicious user with admin privileges to escape from the restricted shell to an interactive shell and run arbitrary commands with root privileges.

Vulnerable Product

dell emc recoverpoint

dell emc recoverpoint for virtual machines

dell emc recoverpoint 5.1.0.0

Exploits

# Exploit Title: EMC RecoverPoint 43 - Admin CLI Command Injection
# Version: RecoverPoint prior to 5.1.1 RecoverPoint for VMs prior to 5.0.1.3
# Date: 2018-05-11
# Exploit Author: Paul Taylor
# Github: github.com/bao7uo
# Tested on: RecoverPoint for VMs 43, RecoverPoint 44SP1P1
# CVE: CVE-2018-1185
1 Description An OS command inje ...

EMC RecoverPoint version 43 suffers from an administrative CLI command injection vulnerability ...

Github Repositories

Exploits for Dell EMC RecoverPoint enterprise data protection platform

Dell EMC RecoverPoint. Exploits for an enterprise data protection platform. I have discovered the following vulnerabilities in the RecoverPoint enterprise data protection platform, mentioned in Dell EMC's disclosure seclists.org/fulldisclosure/2018/May/61 Critical unauthenticated remote code execution with root privileges via command injection in username (CVE-2018