Command Injection Vulnerability in Dell EMC RecoverPoint and RecoverPoint for VMs

Command Injection Vulnerability in Dell EMC RecoverPoint and RecoverPoint for VMs

CVE-2018-1242 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:N/A:N

Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, contains a command injection vulnerability in the Boxmgmt CLI. An authenticated malicious user with boxmgmt privileges may potentially exploit this vulnerability to read RPA files. Note that files that require root permission cannot be read.

Learn more about our User Device Pen Test.