CVE-2018-1235

Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, contain a command injection vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to execute arbitrary commands on the affected system with root privilege.
OS Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
dellCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 97%
VendorProductVersion
emcrecoverpoint
𝑥
< 5.1.2
emcrecoverpoint_for_virtual_machines
𝑥
< 5.1.1.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://seclists.org/fulldisclosure/2018/May/61
http://www.securityfocus.com/bid/104246
https://www.exploit-db.com/exploits/44920/
http://seclists.org/fulldisclosure/2018/May/61
http://www.securityfocus.com/bid/104246
https://www.exploit-db.com/exploits/44920/