Vulnerability CVE-2018-1185


Published: 2018-02-03   Modified: 2018-02-05

Description:
An issue was discovered in EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, and EMC RecoverPoint versions prior to 5.0.1.3. Command injection vulnerability in Admin CLI may allow a malicious user with admin privileges to escape from the restricted shell to an interactive shell and run arbitrary commands with root privileges.

See advisories in our WLB2 database:
Topic
Author
Date
High
EMC RecoverPoint 4.3 Admin CLI Command Injection
Paul Taylor
12.05.2018

Type:

CWE-77

(Improper Neutralization of Special Elements used in a Command ('Command Injection'))

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.2/10
10/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
EMC -> Recoverpoint 

 References:
http://seclists.org/fulldisclosure/2018/Feb/9
http://www.securitytracker.com/id/1040320
https://www.exploit-db.com/exploits/44614/

Copyright 2024, cxsecurity.com

 

Back to Top