CVE-2018-1242
Summary
| CVE | CVE-2018-1242 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-05-29 17:29:00 UTC |
| Updated | 2020-08-24 17:37:00 UTC |
| Description | Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, contains a command injection vulnerability in the Boxmgmt CLI. An authenticated malicious user with boxmgmt privileges may potentially exploit this vulnerability to read RPA files. Note that files that require root permission cannot be read. |
Risk And Classification
Problem Types: CWE-78
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Emc | Recoverpoint | All | All | All | All |
| Application | Emc | Recoverpoint | All | All | All | All |
| Application | Emc | Recoverpoint For Virtual Machines | All | All | All | All |
| Application | Emc | Recoverpoint For Virtual Machines | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Full Disclosure: DSA-2018-095: Dell EMC RecoverPoint Multiple Vulnerabilities | FULLDISC | seclists.org | Mailing List, Third Party Advisory |
| Dell EMC RecoverPoint and RecoverPoint for Virtual Machines Multiple Security Vulnerabilities | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.