CVE-2018-1242

Summary

Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, contains a command injection vulnerability in the Boxmgmt CLI. An authenticated malicious user with boxmgmt privileges may potentially exploit this vulnerability to read RPA files. Note that files that require root permission cannot be read.

Affected Software

VendorProductVersion RangeStatus
Dell EMCDell EMC RecoverPointunspecified < 5.1.2affected
Dell EMCDell EMC RecoverPoint Virtual Machine (VM)unspecified < 5.1.1.3affected

Weaknesses

  • command injection vulnerability

ADP Enrichment

CVE Program Container

Additional References

References