Main Vulnerability Database SB2018111509

SB2018111509 - Multiple vulnerabilities in Dell EMC RecoverPoint

Published: November 15, 2018

Security Bulletin ID SB2018111509

Severity

Low

Patch available

YES

Number of vulnerabilities 2

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Information disclosure (CVE-ID: CVE-2018-15771)

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The vulnerability exists due to information exposure. A remote boxmgmt attacker can determine the existence of any system file via Boxmgmt CLI.

2) Resource exhaustion (CVE-ID: CVE-2018-15772)

The vulnerability allows a remote attacker to cause DoS condition.

The vulnerability exists due to resource exhaustion. A remote boxmgmt attacker can consume large amount of CPU bandwidth to make the system slow or to determine the existence of any system file via Boxmgmt CLI.

Remediation

Install update from vendor's website.

References

https://seclists.org/fulldisclosure/2018/Nov/34