Dell EMC RecoverPoint Multiple Command Injection Vulnerabilities
BID:104249
Info
Dell EMC RecoverPoint Multiple Command Injection Vulnerabilities
| Bugtraq ID: | 104249 |
| Class: | Input Validation Error |
| CVE: |
CVE-2018-1184 CVE-2018-1185 |
| Remote: | No |
| Local: | Yes |
| Published: | Jan 31 2018 12:00AM |
| Updated: | Jan 31 2018 12:00AM |
| Credit: | Geoffrey Janjua, Mike Erman, Jack Backer, and Alexander Gonzalez from Northrop Grumman |
| Vulnerable: |
EMC RecoverPoint for Virtual Machines 5.0 EMC RecoverPoint 5.0 Dell EMC RecoverPoint for Virtual Machines 5.1 Dell EMC RecoverPoint 5.1 |
| Not Vulnerable: |
EMC RecoverPoint for Virtual Machines 5.0.1.3 EMC RecoverPoint 5.0.1.3 Dell EMC RecoverPoint for Virtual Machines 5.1.1 Dell EMC RecoverPoint 5.1.0.1 |
Exploit / POC
Dell EMC RecoverPoint Multiple Command Injection Vulnerabilities
Proof-of-concept code is available for CVE-2018-1185. Please see the references for more information.
Proof-of-concept code is available for CVE-2018-1185. Please see the references for more information.
Solution / Fix
Dell EMC RecoverPoint Multiple Command Injection Vulnerabilities
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
Dell EMC RecoverPoint Multiple Command Injection Vulnerabilities
References:
References:
- Dell Homepage (Dell)
- EMC RecoverPoint Admin CLI Command Injection test_snmp (bao7uo)
- ESA-2018-015: EMC RecoverPoint Command Injection Vulnerabilities (Seclists.org)