Description
Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3 contain a command injection vulnerability in the Boxmgmt CLI. An authenticated malicious user with boxmgmt privileges may potentially exploit this vulnerability to read RPA files. Note that files that require root permission cannot be read.
References
- Mailing List, Third Party Advisory
- Third Party Advisory, VDB Entry
- Mailing List, Third Party Advisory
- Third Party Advisory, VDB Entry
Vulnerable configurations
Configuration 1
One of
cpe:2.3:a:emc:recoverpoint:*:*:*:*:*:*:*:* (versions before 5.1.2, exclusive)
cpe:2.3:a:emc:recoverpoint_for_virtual_machines:*:*:*:*:*:*:*:* (versions before 5.1.1.3, exclusive)
EPSS
Percentile: 89%
0.04972
Low
CVSS3: 6.5 Medium
CVSS2: 4 Medium
Weaknesses
CWE-78
Related vulnerabilities
CVSS3: 6.5
github
more than 3 years ago
Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3 contain a command injection vulnerability in the Boxmgmt CLI. An authenticated malicious user with boxmgmt privileges may potentially exploit this vulnerability to read RPA files. Note that files that require root permission cannot be read.