CVE-2018-15772
Summary
| CVE | CVE-2018-15772 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-11-13 14:29:00 UTC |
| Updated | 2019-02-04 13:41:00 UTC |
| Description | Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an uncontrolled resource consumption vulnerability. A malicious boxmgmt user may potentially be able to consume large amount of CPU bandwidth to make the system slow or to determine the existence of any system file via Boxmgmt CLI. |
Risk And Classification
Problem Types: CWE-400
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Dell | Emc Recoverpoint | All | All | All | All |
| Application | Dell | Emc Recoverpoint | All | All | All | All |
| Application | Dell | Emc Recoverpoint For Virtual Machines | All | All | All | All |
| Application | Dell | Emc Recoverpoint For Virtual Machines | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Dell EMC RecoverPoint Information Disclosure and Denial of Service Vulnerabilities | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Full Disclosure: DSA-2018-205: Dell EMC RecoverPoint Multiple Vulnerabilities | FULLDISC | seclists.org | Mailing List, Third Party Advisory |
| EMC RecoverPoint Flaws Lets Users View Arbitrary Files on the Target System - SecurityTracker | SECTRACK | www.securitytracker.com | Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.