Published: 29/05/2018 Updated: 24/08/2020

CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 356

Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Dell EMC RecoverPoint versions before 5.1.2 and RecoverPoint for VMs versions before 5.1.1.3, contains a command injection vulnerability in the Boxmgmt CLI. An authenticated malicious user with boxmgmt privileges may potentially exploit this vulnerability to read RPA files. Note that files that require root permission cannot be read.

Vulnerable Product	Search on Vulmon	Subscribe to Product
emc recoverpoint for virtual machines
emc recoverpoint

Exploits for Dell EMC RecoverPoint enterprise data protection platform

Dell EMC RecoverPoint Exploits for an enterprise data protection platform I have discovered the following vulnerabilities in the RecoverPoint enterprise data protection platform, mentioned in Dell EMC's disclosure seclistsorg/fulldisclosure/2018/May/61 Critical unauthenticated remote code execution with root privileges via command injection in username (CVE-2018

CWE-78 http://seclists.org/fulldisclosure/2018/May/61 http://www.securityfocus.com/bid/104246 https://nvd.nist.gov https://github.com/bao7uo/dell-emc_recoverpoint

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2018-1242

Vulnerability Summary

Github Repositories

References

Vulmon Search

About

Products

Connect