Vulnerabilites related to dell - emc_recoverpoint_for_virtual_machines
cve-2018-15772
Vulnerability from cvelistv5
Published
2018-11-13 14:00
Modified
2024-09-17 01:10
Severity ?
EPSS score ?
Summary
Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an uncontrolled resource consumption vulnerability. A malicious boxmgmt user may potentially be able to consume large amount of CPU bandwidth to make the system slow or to determine the existence of any system file via Boxmgmt CLI.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1042059 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/105916 | vdb-entry, x_refsource_BID | |
| https://seclists.org/fulldisclosure/2018/Nov/34 | mailing-list, x_refsource_FULLDISC |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Dell EMC | Dell EMC RecoverPoint |
Version: unspecified < 5.1.2.1 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:01:54.659Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1042059",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1042059"
},
{
"name": "105916",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105916"
},
{
"name": "20181108 DSA-2018-205: Dell EMC RecoverPoint Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2018/Nov/34"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Dell EMC RecoverPoint",
"vendor": "Dell EMC",
"versions": [
{
"lessThan": "5.1.2.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Dell EMC RecoverPoint Virtual Machine (VM)",
"vendor": "Dell EMC",
"versions": [
{
"lessThan": "5.2.0.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-11-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an uncontrolled resource consumption vulnerability. A malicious boxmgmt user may potentially be able to consume large amount of CPU bandwidth to make the system slow or to determine the existence of any system file via Boxmgmt CLI."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "uncontrolled resource consumption vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-16T10:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "1042059",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1042059"
},
{
"name": "105916",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105916"
},
{
"name": "20181108 DSA-2018-205: Dell EMC RecoverPoint Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "https://seclists.org/fulldisclosure/2018/Nov/34"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Dell EMC RecoverPoint Uncontrolled Resource Consumption Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2018-11-09T05:00:00.000Z",
"ID": "CVE-2018-15772",
"STATE": "PUBLIC",
"TITLE": "Dell EMC RecoverPoint Uncontrolled Resource Consumption Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Dell EMC RecoverPoint",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "5.1.2.1"
}
]
}
},
{
"product_name": "Dell EMC RecoverPoint Virtual Machine (VM)",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "5.2.0.2"
}
]
}
}
]
},
"vendor_name": "Dell EMC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an uncontrolled resource consumption vulnerability. A malicious boxmgmt user may potentially be able to consume large amount of CPU bandwidth to make the system slow or to determine the existence of any system file via Boxmgmt CLI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "uncontrolled resource consumption vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1042059",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1042059"
},
{
"name": "105916",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105916"
},
{
"name": "20181108 DSA-2018-205: Dell EMC RecoverPoint Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "https://seclists.org/fulldisclosure/2018/Nov/34"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2018-15772",
"datePublished": "2018-11-13T14:00:00Z",
"dateReserved": "2018-08-23T00:00:00",
"dateUpdated": "2024-09-17T01:10:33.151Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-1185
Vulnerability from cvelistv5
Published
2018-02-03 01:00
Modified
2024-08-05 03:51
Severity ?
EPSS score ?
Summary
An issue was discovered in EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, and EMC RecoverPoint versions prior to 5.0.1.3. Command injection vulnerability in Admin CLI may allow a malicious user with admin privileges to escape from the restricted shell to an interactive shell and run arbitrary commands with root privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1040320 | vdb-entry, x_refsource_SECTRACK | |
| http://seclists.org/fulldisclosure/2018/Feb/9 | x_refsource_CONFIRM | |
| https://www.exploit-db.com/exploits/44614/ | exploit, x_refsource_EXPLOIT-DB |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, EMC RecoverPoint versions prior to 5.0.1.3 |
Version: EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, EMC RecoverPoint versions prior to 5.0.1.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:51:49.007Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1040320",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040320"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2018/Feb/9"
},
{
"name": "44614",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/44614/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, EMC RecoverPoint versions prior to 5.0.1.3",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, EMC RecoverPoint versions prior to 5.0.1.3"
}
]
}
],
"datePublic": "2018-02-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, and EMC RecoverPoint versions prior to 5.0.1.3. Command injection vulnerability in Admin CLI may allow a malicious user with admin privileges to escape from the restricted shell to an interactive shell and run arbitrary commands with root privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Command injection vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-13T09:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "1040320",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040320"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://seclists.org/fulldisclosure/2018/Feb/9"
},
{
"name": "44614",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/44614/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2018-1185",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, EMC RecoverPoint versions prior to 5.0.1.3",
"version": {
"version_data": [
{
"version_value": "EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, EMC RecoverPoint versions prior to 5.0.1.3"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, and EMC RecoverPoint versions prior to 5.0.1.3. Command injection vulnerability in Admin CLI may allow a malicious user with admin privileges to escape from the restricted shell to an interactive shell and run arbitrary commands with root privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command injection vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1040320",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040320"
},
{
"name": "http://seclists.org/fulldisclosure/2018/Feb/9",
"refsource": "CONFIRM",
"url": "http://seclists.org/fulldisclosure/2018/Feb/9"
},
{
"name": "44614",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44614/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2018-1185",
"datePublished": "2018-02-03T01:00:00",
"dateReserved": "2017-12-06T00:00:00",
"dateUpdated": "2024-08-05T03:51:49.007Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-1184
Vulnerability from cvelistv5
Published
2018-02-03 01:00
Modified
2024-08-05 03:51
Severity ?
EPSS score ?
Summary
An issue was discovered in EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, and EMC RecoverPoint versions prior to 5.0.1.3. Command injection vulnerability in Boxmgmt CLI may allow a malicious user with boxmgmt privileges to bypass Boxmgmt CLI and run arbitrary commands with root privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1040320 | vdb-entry, x_refsource_SECTRACK | |
| http://seclists.org/fulldisclosure/2018/Feb/9 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, EMC RecoverPoint versions prior to 5.0.1.3 |
Version: EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, EMC RecoverPoint versions prior to 5.0.1.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:51:48.881Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1040320",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040320"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2018/Feb/9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, EMC RecoverPoint versions prior to 5.0.1.3",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, EMC RecoverPoint versions prior to 5.0.1.3"
}
]
}
],
"datePublic": "2018-02-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, and EMC RecoverPoint versions prior to 5.0.1.3. Command injection vulnerability in Boxmgmt CLI may allow a malicious user with boxmgmt privileges to bypass Boxmgmt CLI and run arbitrary commands with root privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Command injection vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-03T10:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "1040320",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040320"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://seclists.org/fulldisclosure/2018/Feb/9"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2018-1184",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, EMC RecoverPoint versions prior to 5.0.1.3",
"version": {
"version_data": [
{
"version_value": "EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, EMC RecoverPoint versions prior to 5.0.1.3"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, and EMC RecoverPoint versions prior to 5.0.1.3. Command injection vulnerability in Boxmgmt CLI may allow a malicious user with boxmgmt privileges to bypass Boxmgmt CLI and run arbitrary commands with root privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command injection vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1040320",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040320"
},
{
"name": "http://seclists.org/fulldisclosure/2018/Feb/9",
"refsource": "CONFIRM",
"url": "http://seclists.org/fulldisclosure/2018/Feb/9"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2018-1184",
"datePublished": "2018-02-03T01:00:00",
"dateReserved": "2017-12-06T00:00:00",
"dateUpdated": "2024-08-05T03:51:48.881Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2018-02-03 16:29
Modified
2024-11-21 03:59
Severity ?
Summary
An issue was discovered in EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, and EMC RecoverPoint versions prior to 5.0.1.3. Command injection vulnerability in Boxmgmt CLI may allow a malicious user with boxmgmt privileges to bypass Boxmgmt CLI and run arbitrary commands with root privileges.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security_alert@emc.com | http://seclists.org/fulldisclosure/2018/Feb/9 | Mailing List, Patch, Third Party Advisory | |
| security_alert@emc.com | http://www.securitytracker.com/id/1040320 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2018/Feb/9 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040320 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | emc_recoverpoint | * | |
| dell | emc_recoverpoint | 5.1.0.0 | |
| dell | emc_recoverpoint_for_virtual_machines | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dell:emc_recoverpoint:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E4D34780-35D4-44CF-9967-FE66EB04E751",
"versionEndExcluding": "5.0.1.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:emc_recoverpoint:5.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AE0D2DBD-503A-4595-9177-37174D48100B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:emc_recoverpoint_for_virtual_machines:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F9E4E57-8106-40BF-A1B1-03EFBE766A1D",
"versionEndExcluding": "5.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, and EMC RecoverPoint versions prior to 5.0.1.3. Command injection vulnerability in Boxmgmt CLI may allow a malicious user with boxmgmt privileges to bypass Boxmgmt CLI and run arbitrary commands with root privileges."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en EMC RecoverPoint for Virtual Machines en versiones anteriores a la 5.1.1; EMC RecoverPoint en su versi\u00f3n 5.1.0.0 y EMC RecoverPoint en versiones anteriores a la 5.0.1.3. Vulnerabilidad de inyecci\u00f3n de comandos en la interfaz de l\u00ednea de comandos de Boxmgmt podr\u00eda permitir que un usuario malicioso con privilegios boxmgmt omita la interfaz de l\u00ednea de comandos de Boxmgmt y ejecute comandos arbitrarios con privilegios root."
}
],
"id": "CVE-2018-1184",
"lastModified": "2024-11-21T03:59:21.240",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-02-03T16:29:00.280",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2018/Feb/9"
},
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040320"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2018/Feb/9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040320"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-11-13 14:29
Modified
2024-11-21 03:51
Severity ?
Summary
Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an uncontrolled resource consumption vulnerability. A malicious boxmgmt user may potentially be able to consume large amount of CPU bandwidth to make the system slow or to determine the existence of any system file via Boxmgmt CLI.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security_alert@emc.com | http://www.securityfocus.com/bid/105916 | Third Party Advisory, VDB Entry | |
| security_alert@emc.com | http://www.securitytracker.com/id/1042059 | Third Party Advisory, VDB Entry | |
| security_alert@emc.com | https://seclists.org/fulldisclosure/2018/Nov/34 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105916 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1042059 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/fulldisclosure/2018/Nov/34 | Mailing List, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | emc_recoverpoint | * | |
| dell | emc_recoverpoint_for_virtual_machines | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dell:emc_recoverpoint:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A7F13918-066C-46CC-A608-893B8824E5C6",
"versionEndExcluding": "5.1.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:emc_recoverpoint_for_virtual_machines:*:*:*:*:*:*:*:*",
"matchCriteriaId": "27E51F82-855D-49EF-BFFC-A7DB1F7442C0",
"versionEndExcluding": "5.2.0.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an uncontrolled resource consumption vulnerability. A malicious boxmgmt user may potentially be able to consume large amount of CPU bandwidth to make the system slow or to determine the existence of any system file via Boxmgmt CLI."
},
{
"lang": "es",
"value": "Dell EMC RecoverPoint, en versiones anteriores a la 5.1.2.1 y RecoverPoint for VMs en versiones anteriores a la 5.2.0.2, contienen una vulnerabilidad de consumo de recursos no controlado. Un usuario boxmgmt malicioso podr\u00eda ser capaz de consumir grandes cantidades de banda ancha de CPU para hacer que el sistema se ralentice o determine la existencia de cualquier archivo del sistema mediante la interfaz de l\u00ednea de comandos de Boxmgmt."
}
],
"id": "CVE-2018-15772",
"lastModified": "2024-11-21T03:51:26.520",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-11-13T14:29:00.293",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105916"
},
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1042059"
},
{
"source": "security_alert@emc.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2018/Nov/34"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105916"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1042059"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2018/Nov/34"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-02-03 16:29
Modified
2024-11-21 03:59
Severity ?
Summary
An issue was discovered in EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, and EMC RecoverPoint versions prior to 5.0.1.3. Command injection vulnerability in Admin CLI may allow a malicious user with admin privileges to escape from the restricted shell to an interactive shell and run arbitrary commands with root privileges.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security_alert@emc.com | http://seclists.org/fulldisclosure/2018/Feb/9 | Mailing List, Patch, Third Party Advisory | |
| security_alert@emc.com | http://www.securitytracker.com/id/1040320 | Third Party Advisory, VDB Entry | |
| security_alert@emc.com | https://www.exploit-db.com/exploits/44614/ | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2018/Feb/9 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040320 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/44614/ | Exploit, Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | emc_recoverpoint | * | |
| dell | emc_recoverpoint | 5.1.0.0 | |
| dell | emc_recoverpoint_for_virtual_machines | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dell:emc_recoverpoint:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E4D34780-35D4-44CF-9967-FE66EB04E751",
"versionEndExcluding": "5.0.1.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:emc_recoverpoint:5.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AE0D2DBD-503A-4595-9177-37174D48100B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:emc_recoverpoint_for_virtual_machines:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F9E4E57-8106-40BF-A1B1-03EFBE766A1D",
"versionEndExcluding": "5.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, and EMC RecoverPoint versions prior to 5.0.1.3. Command injection vulnerability in Admin CLI may allow a malicious user with admin privileges to escape from the restricted shell to an interactive shell and run arbitrary commands with root privileges."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en EMC RecoverPoint for Virtual Machines en versiones anteriores a la 5.1.1; EMC RecoverPoint en su versi\u00f3n 5.1.0.0 y EMC RecoverPoint en versiones anteriores a la 5.0.1.3. Vulnerabilidad de inyecci\u00f3n de comandos en la interfaz de l\u00ednea de comandos de Admin podr\u00eda permitir que un usuario malicioso con privilegios boxmgmt escape del shell restrictivo a un shell interactivo y ejecute comandos arbitrarios con privilegios root."
}
],
"id": "CVE-2018-1185",
"lastModified": "2024-11-21T03:59:21.353",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-02-03T16:29:00.403",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2018/Feb/9"
},
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040320"
},
{
"source": "security_alert@emc.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/44614/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2018/Feb/9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040320"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/44614/"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}