{"api_version":"1","generated_at":"2026-04-23T02:35:53+00:00","cve":"CVE-2018-1242","urls":{"html":"https://cve.report/CVE-2018-1242","api":"https://cve.report/api/cve/CVE-2018-1242.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-1242","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-1242"},"summary":{"title":"CVE-2018-1242","description":"Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, contains a command injection vulnerability in the Boxmgmt CLI. An authenticated malicious user with boxmgmt privileges may potentially exploit this vulnerability to read RPA files. Note that files that require root permission cannot be read.","state":"PUBLIC","assigner":"security_alert@emc.com","published_at":"2018-05-29 17:29:00","updated_at":"2020-08-24 17:37:00"},"problem_types":["CWE-78"],"metrics":[],"references":[{"url":"http://seclists.org/fulldisclosure/2018/May/61","name":"20180522 DSA-2018-095: Dell EMC RecoverPoint Multiple Vulnerabilities","refsource":"FULLDISC","tags":["Mailing List","Third Party Advisory"],"title":"Full Disclosure: DSA-2018-095: Dell EMC RecoverPoint Multiple Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/104246","name":"104246","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Dell EMC RecoverPoint and RecoverPoint for Virtual Machines Multiple Security Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-1242","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1242","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"1242","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"emc","cpe5":"recoverpoint","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"1242","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"emc","cpe5":"recoverpoint","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"1242","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"emc","cpe5":"recoverpoint_for_virtual_machines","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"1242","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"emc","cpe5":"recoverpoint_for_virtual_machines","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"security_alert@emc.com","DATE_PUBLIC":"2018-05-22T04:00:00.000Z","ID":"CVE-2018-1242","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Dell EMC RecoverPoint","version":{"version_data":[{"affected":"<","version_value":"5.1.2"}]}},{"product_name":"Dell EMC RecoverPoint Virtual Machine (VM)","version":{"version_data":[{"affected":"<","version_value":"5.1.1.3"}]}}]},"vendor_name":"Dell EMC"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, contains a command injection vulnerability in the Boxmgmt CLI. An authenticated malicious user with boxmgmt privileges may potentially exploit this vulnerability to read RPA files. Note that files that require root permission cannot be read."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"command injection vulnerability"}]}]},"references":{"reference_data":[{"name":"20180522 DSA-2018-095: Dell EMC RecoverPoint Multiple Vulnerabilities","refsource":"FULLDISC","url":"http://seclists.org/fulldisclosure/2018/May/61"},{"name":"104246","refsource":"BID","url":"http://www.securityfocus.com/bid/104246"}]}},"nvd":{"publishedDate":"2018-05-29 17:29:00","lastModifiedDate":"2020-08-24 17:37:00","problem_types":["CWE-78"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":4},"severity":"MEDIUM","exploitabilityScore":8,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:emc:recoverpoint:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.2","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:emc:recoverpoint_for_virtual_machines:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.1.3","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"1242","Ordinal":"116537","Title":"CVE-2018-1242","CVE":"CVE-2018-1242","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"1242","Ordinal":"1","NoteData":"Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, contains a command injection vulnerability in the Boxmgmt CLI. An authenticated malicious user with boxmgmt privileges may potentially exploit this vulnerability to read RPA files. Note that files that require root permission cannot be read.","Type":"Description","Title":null},{"CveYear":"2018","CveId":"1242","Ordinal":"2","NoteData":"2018-05-29","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"1242","Ordinal":"3","NoteData":"2018-05-30","Type":"Other","Title":"Modified"}]}}}