CVE-2018-1242

Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, contains a command injection vulnerability in the Boxmgmt CLI. An authenticated malicious user with boxmgmt privileges may potentially exploit this vulnerability to read RPA files. Note that files that require root permission cannot be read.
OS Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
dellCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 90%
VendorProductVersion
emcrecoverpoint
𝑥
< 5.1.2
emcrecoverpoint_for_virtual_machines
𝑥
< 5.1.1.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://seclists.org/fulldisclosure/2018/May/61
http://www.securityfocus.com/bid/104246
http://seclists.org/fulldisclosure/2018/May/61
http://www.securityfocus.com/bid/104246