Remote code execution in RecoverPoint

#VU12995 Remote code execution in RecoverPoint

Published: 2020-03-18 | Updated: 2021-06-17

Vulnerability identifier: #VU12995

Vulnerability risk: High

CVSSv3.1: 8.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-1235

CWE-ID: CWE-264

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
RecoverPoint
Client/Desktop applications / Multimedia software

Vendor: Dell

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to unspecified flaw. A remote attacker who has visibility of RecoverPoint on the network can execute arbitrary code on the underlying Linux operating system with root privileges.

Mitigation
Update to version 5.1.2 or 5.1.1.3.

Vulnerable software versions

RecoverPoint: All versions

External links
http://www.foregenix.com/blog/foregenix-identify-multiple-dellemc-recoverpoint-zero-day-vulnerabili...

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Dell EMC RecoverPoint