An issue was discovered in EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, and EMC RecoverPoint versions prior to 5.0.1.3. Command injection vulnerability in Boxmgmt CLI may allow a malicious user with boxmgmt privileges to bypass Boxmgmt CLI and run arbitrary commands with root privileges.
References
Link | Resource |
---|---|
http://seclists.org/fulldisclosure/2018/Feb/9 | Mailing List Patch Third Party Advisory |
http://www.securitytracker.com/id/1040320 | Third Party Advisory VDB Entry |
http://seclists.org/fulldisclosure/2018/Feb/9 | Mailing List Patch Third Party Advisory |
http://www.securitytracker.com/id/1040320 | Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 03:59
Type | Values Removed | Values Added |
---|---|---|
References | () http://seclists.org/fulldisclosure/2018/Feb/9 - Mailing List, Patch, Third Party Advisory | |
References | () http://www.securitytracker.com/id/1040320 - Third Party Advisory, VDB Entry |
Information
Published : 2018-02-03 16:29
Updated : 2024-11-21 03:59
NVD link : CVE-2018-1184
Mitre link : CVE-2018-1184
CVE.ORG link : CVE-2018-1184
JSON object : View
Products Affected
dell
- emc_recoverpoint_for_virtual_machines
- emc_recoverpoint
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')