Dell EMC RecoverPoint and RecoverPoint for Virtual Machines Multiple Security Vulnerabilities
BID:104246
CVE-2018-1235 | CVE-2018-1241 | CVE-2018-1242
| Bugtraq ID: | 104246 |
| Class: | Design Error |
| CVE: | CVE-2018-1235 CVE-2018-1242 CVE-2018-1241 |
| Remote: | Yes |
| Local: | No |
| Published: | May 21 2018 12:00AM |
| Updated: | May 21 2018 12:00AM |
| Credit: | Paul Taylor (@bao7uo) / Foregenix Ltd. |
| Vulnerable: | EMC RecoverPoint for Virtual Machines 5.0; EMC RecoverPoint for Virtual Machines 4.3.1.4; EMC RecoverPoint for Virtual Machines 4.0; EMC RecoverPoint 5.0; EMC RecoverPoint 4.4.1.1; EMC RecoverPoint 4.4.1.0; Dell EMC RecoverPoint for Virtual Machines 5.1.1; Dell EMC RecoverPoint for Virtual Machines 5.1.1.2; Dell EMC RecoverPoint for Virtual Machines 5.1; Dell EMC RecoverPoint 5.1 |
| Not Vulnerable: | Dell EMC RecoverPoint for Virtual Machines 5.1.1.3; Dell EMC RecoverPoint 5.1.2 |
Discussion
Dell EMC RecoverPoint and RecoverPoint for Virtual Machines are prone to the following multiple security vulnerabilities:
1. A remote code-execution vulnerability
2. An arbitrary file-read vulnerability
3. Multiple information-disclosure vulnerabilities
An attacker can leverage these issues to execute arbitrary code, read arbitrary files, or gain sensitive information within the context of the affected system. Failed exploit attempts will likely result in denial-of-service conditions.
The following versions are vulnerable:
Versions prior to EMC RecoverPoint 5.1.2
Versions prior to EMC RecoverPoint for Virtual Machines 5.1.1.3
Exploit / POC
The researcher who discovered this issue has created a proof-of-concept for CVE-2018-1242. Please see the references for more information.
Solution / Fix
Solution:
Reportedly, these issues are fixed; however, Symantec has not confirmed this. Please contact the vendor for more information.
References
References: