Information disclosure in RecoverPoint - CVE-2018-1242
Published: May 23, 2018
Vulnerability identifier: #VU12997
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-1242
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Dell
Affected software:
RecoverPoint
RecoverPoint
Detailed vulnerability description
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to unspecified flaw. A remote attacker with access to the boxmgmt administrative menu can use the ssh command when logging in as boxmgmt and running an internal command and display the contents of files from the file system which are accessible to the boxmgmt user.
The weakness exists due to unspecified flaw. A remote attacker with access to the boxmgmt administrative menu can use the ssh command when logging in as boxmgmt and running an internal command and display the contents of files from the file system which are accessible to the boxmgmt user.
How to mitigate CVE-2018-1242
Update to version 5.1.2 or 5.1.1.3.