Privilege escalation in RecoverPoint - #VU13000
Published: May 23, 2018
Vulnerability identifier: #VU13000
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-259
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Dell
Affected software:
RecoverPoint
RecoverPoint
Detailed vulnerability description
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to the root account password for RecoverPoint's underlying linux operating system is a hardcoded password set. A remote attacker with knowledge of the root password of one device can log in at the local console, gain root privileges and control over all of the devices.
The weakness exists due to the root account password for RecoverPoint's underlying linux operating system is a hardcoded password set. A remote attacker with knowledge of the root password of one device can log in at the local console, gain root privileges and control over all of the devices.
Remediation
Update to version 5.1.2 or 5.1.1.3.