Vulnerability Description
An issue was discovered in EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, and EMC RecoverPoint versions prior to 5.0.1.3. Command injection vulnerability in Boxmgmt CLI may allow a malicious user with boxmgmt privileges to bypass Boxmgmt CLI and run arbitrary commands with root privileges.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dell | Emc Recoverpoint | < 5.0.1.3 |
| Dell | Emc Recoverpoint For Virtual Machines | < 5.1.1 |
Related Weaknesses (CWE)
References
- http://seclists.org/fulldisclosure/2018/Feb/9Mailing ListPatchThird Party Advisory
- http://www.securitytracker.com/id/1040320Third Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2018/Feb/9Mailing ListPatchThird Party Advisory
- http://www.securitytracker.com/id/1040320Third Party AdvisoryVDB Entry
FAQ
What is CVE-2018-1184?
CVE-2018-1184 is a vulnerability with a CVSS score of 6.7 (MEDIUM). An issue was discovered in EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, and EMC RecoverPoint versions prior to 5.0.1.3. Command injection vulnerabil...
How severe is CVE-2018-1184?
CVE-2018-1184 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-1184?
Check the references section above for vendor advisories and patch information. Affected products include: Dell Emc Recoverpoint, Dell Emc Recoverpoint For Virtual Machines.