Dell EMC RecoverPoint Information Disclosure and Denial of Service Vulnerabilities

Bugtraq ID:	105916
Class:	Unknown
CVE:	CVE-2018-15771 CVE-2018-15772
Remote:	Yes
Local:	No
Published:	Nov 14 2018 12:00AM
Updated:	Nov 14 2018 12:00AM
Credit:	Paul Taylor (@bao7uo)
Vulnerable:	Dell EMC RecoverPoint for Virtual Machines 5.1.1 Dell EMC RecoverPoint for Virtual Machines 5.1.1.3 Dell EMC RecoverPoint for Virtual Machines 5.1.1.2 Dell EMC RecoverPoint for Virtual Machines 5.1 Dell EMC RecoverPoint 5.1.2 Dell EMC RecoverPoint 5.1.0.1 Dell EMC RecoverPoint 5.1
Not Vulnerable:	Dell EMC RecoverPoint for Virtual Machines 5.2.0.2 Dell EMC RecoverPoint 5.1.2.1

Dell EMC RecoverPoint Information Disclosure and Denial of Service Vulnerabilities

Dell EMC RecoverPoint are prone to an information-disclosure vulnerability and a denial-of-service vulnerability.

Successfully exploiting these issues may allow an attacker to obtain sensitive information or to consume excessive resources, resulting in a denial of service.

The following products are affected:

Dell EMC RecoverPoint versions prior to 5.1.2.1
Dell EMC RecoverPoint Virtual Machine (VM) versions prior to 5.2.0.2

Dell EMC RecoverPoint Information Disclosure and Denial of Service Vulnerabilities

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Dell EMC RecoverPoint Information Disclosure and Denial of Service Vulnerabilities

Solution:
Updates are available. Please see the references or vendor advisory for more information.

Dell EMC RecoverPoint Information Disclosure and Denial of Service Vulnerabilities

References:

• Dell Homepage (Dell)
  
• DSA-2018-205: Dell EMC RecoverPoint Multiple Vulnerabilities (seclists.org)