CVE-2018-1184

Опубликовано: 03 фев. 2018

Источник: nvd

CVSS3: 6.7

CVSS2: 7.2

EPSS Низкий

Описание

An issue was discovered in EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, and EMC RecoverPoint versions prior to 5.0.1.3. Command injection vulnerability in Boxmgmt CLI may allow a malicious user with boxmgmt privileges to bypass Boxmgmt CLI and run arbitrary commands with root privileges.

Ссылки

http://seclists.org/fulldisclosure/2018/Feb/9
Mailing List
Patch
Third Party Advisory
http://www.securitytracker.com/id/1040320
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2018/Feb/9
Mailing List
Patch
Third Party Advisory
http://www.securitytracker.com/id/1040320
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:dell:emc_recoverpoint:*:*:*:*:*:*:*:*

Версия до 5.0.1.3 (исключая)

cpe:2.3:a:dell:emc_recoverpoint:5.1.0.0:*:*:*:*:*:*:*

cpe:2.3:a:dell:emc_recoverpoint_for_virtual_machines:*:*:*:*:*:*:*:*

Версия до 5.1.1 (исключая)

EPSS

Процентиль: 48%

0.00248

Низкий

6.7 Medium

CVSS3

7.2 High

CVSS2

Дефекты

CWE-78

Связанные уязвимости

GHSA-f84f-vxqq-m6jw