#VU10364 Command injection in RecoverPoint - CVE-2018-1184

 


Published: February 5, 2018


Vulnerability identifier: #VU10364
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-1184
CWE-ID: CWE-77
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software: RecoverPoint
Software vendor: Dell

Description

The vulnerability allows a local high-privileged attacker to execute arbitrary commands on the target system.

The vulnerability exists due to an error in lib/rrd.php. A local user with 'boxmgmt' privileges can supply specially crafted data via the Boxmgmt command line interface (CLI) to run arbitrary commands with root privileges.

Successful exploitation of the vulnerability may result in system compromise.


Remediation

Install the update from the vendor's website.

External links