#VU10363 OS command injection in RecoverPoint - CVE-2018-1185

Published: February 5, 2018 / Updated: June 17, 2021


Vulnerability identifier: #VU10363
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2018-1185
CWE-ID: CWE-78
Exploitation vector: Local access
Exploit availability: Public exploit is available
Vulnerable software:
RecoverPoint
Software vendor:
Dell

Description

The vulnerability allows a local user with administrative privileges to execute arbitrary shell commands as root on the target system.

The vulnerability exists due to improper neutralization of special elements in input passed to the Admin command line interface (CLI) (CWE-78). A local user with 'admin' privileges can supply specially crafted data via the Admin CLI to escape from the restricted shell to an interactive shell and run arbitrary commands with root privileges.

Successful exploitation of the vulnerability may result in full system compromise. The security boundary being crossed is the restricted shell, not the 'admin' role: an operator who is only meant to manage the appliance through a fixed set of CLI verbs gains an unrestricted root shell on the underlying operating system.
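The advisory gives no code, so the following is an added illustration and is not RecoverPoint's own code or text from Dell's advisory. It is a hypothetical restricted admin CLI wrapper in Python that exposes a single verb to the operator and runs it with root privileges, shown first in the vulnerable form (CWE-78, input interpolated into a shell string) and then hardened. The names ping_command_vulnerable, ping_argv_hardened, shell_would_split and HOST_RE, and the sample payload, are all constructed for this example.

```python
import re
import subprocess
from typing import List

# Hypothetical restricted admin CLI: the only verb the operator may use is
# "ping <host>", and the wrapper runs it with root privileges. Everything
# here is a constructed illustration of CWE-78, not RecoverPoint code.

# Constructed payload: what an admin could type after the "ping" verb.
# It looks like a host, but a shell sees a command separator followed by
# a request for an interactive shell, i.e. the restricted-shell escape.
ESCAPE_PAYLOAD = "127.0.0.1; exec /bin/bash -i"


def ping_command_vulnerable(host: str) -> str:
    """Vulnerable pattern: untrusted input is interpolated into a shell
    string that the wrapper then runs with shell=True. The ';' ends the
    ping command and everything after it runs as a second command, so the
    fixed verb becomes an arbitrary command as the wrapper's user (root).
    Returns the string /bin/sh would parse."""
    return f"ping -c 1 -W 1 {host}"


# Strict allowlist for a hostname or IPv4 literal: letters, digits, dots
# and hyphens only, nothing a shell would treat specially.
HOST_RE = re.compile(r"[A-Za-z0-9.-]{1,253}")


def ping_argv_hardened(host: str) -> List[str]:
    """Hardened pattern: validate against the allowlist, then hand the
    program an argv array so no shell ever parses the input. The '--'
    closes the remaining option-injection hole: the allowlist still
    admits a host such as '-f', which ping would otherwise read as a flag."""
    if not HOST_RE.fullmatch(host):
        raise ValueError(f"rejected host argument: {host!r}")
    return ["ping", "-c", "1", "-W", "1", "--", host]


def shell_would_split(command: str) -> bool:
    """Audit helper: True if a shell would see more than one command, a
    substitution or a redirection in the string, i.e. the caller's input
    changed the command structure rather than just an argument value."""
    metas = (";", "&", "|", "`", "$(", ">", "<", "\n")
    return any(meta in command for meta in metas)


if __name__ == "__main__":
    vuln = ping_command_vulnerable(ESCAPE_PAYLOAD)
    print("vulnerable shell string:", vuln)
    print("shell would split it:", shell_would_split(vuln))
    # Fire the injection with a harmless second command instead of a shell.
    out = subprocess.run(ping_command_vulnerable("127.0.0.1; echo INJECTED"),
                         shell=True, capture_output=True, text=True)
    print("second command ran:", "INJECTED" in out.stdout)
    try:
        ping_argv_hardened(ESCAPE_PAYLOAD)
    except ValueError as exc:
        print("hardened wrapper:", exc)
    print("hardened argv:", ping_argv_hardened("127.0.0.1"))
```

Quoting the input with shlex.quote would also stop the shell escape, but it still leaves the program's own option parsing exposed; an allowlist plus an argv array with '--' is the fix that removes the shell from the path entirely. In a real appliance the same review should cover every CLI verb that reaches a subprocess, since one unescaped argument is enough to cross the restricted-shell boundary described above.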


Remediation

Install the update from the vendor's website.

External links