Vulnerability Description
An issue was discovered in EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, and EMC RecoverPoint versions prior to 5.0.1.3. Command injection vulnerability in Admin CLI may allow a malicious user with admin privileges to escape from the restricted shell to an interactive shell and run arbitrary commands with root privileges.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dell | Emc Recoverpoint | < 5.0.1.3 |
| Dell | Emc Recoverpoint For Virtual Machines | < 5.1.1 |
Related Weaknesses (CWE)
References
- http://seclists.org/fulldisclosure/2018/Feb/9Mailing ListPatchThird Party Advisory
- http://www.securitytracker.com/id/1040320Third Party AdvisoryVDB Entry
- https://www.exploit-db.com/exploits/44614/ExploitThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2018/Feb/9Mailing ListPatchThird Party Advisory
- http://www.securitytracker.com/id/1040320Third Party AdvisoryVDB Entry
- https://www.exploit-db.com/exploits/44614/ExploitThird Party AdvisoryVDB Entry
FAQ
What is CVE-2018-1185?
CVE-2018-1185 is a vulnerability with a CVSS score of 6.7 (MEDIUM). An issue was discovered in EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, and EMC RecoverPoint versions prior to 5.0.1.3. Command injection vulnerabil...
How severe is CVE-2018-1185?
CVE-2018-1185 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-1185?
Check the references section above for vendor advisories and patch information. Affected products include: Dell Emc Recoverpoint, Dell Emc Recoverpoint For Virtual Machines.