#VU13000 Privilege escalation in RecoverPoint
Published: May 23, 2018
Vulnerability identifier: #VU13000
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-259
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
RecoverPoint
RecoverPoint
Software vendor:
Dell
Dell
Description
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to the root account password for RecoverPoint's underlying linux operating system is a hardcoded password set. A remote attacker with knowledge of the root password of one device can log in at the local console, gain root privileges and control over all of the devices.
The weakness exists due to the root account password for RecoverPoint's underlying linux operating system is a hardcoded password set. A remote attacker with knowledge of the root password of one device can log in at the local console, gain root privileges and control over all of the devices.
Remediation
Update to version 5.1.2 or 5.1.1.3.