← Voltar para CVEs
CVE-2018-1185
MEDIUM6.7
Descricao
An issue was discovered in EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, and EMC RecoverPoint versions prior to 5.0.1.3. Command injection vulnerability in Admin CLI may allow a malicious user with admin privileges to escape from the restricted shell to an interactive shell and run arbitrary commands with root privileges.
Detalhes CVE
Pontuacao CVSS v3.16.7
SeveridadeMEDIUM
Vetor CVSSCVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueLOCAL
ComplexidadeLOW
Privilegios necessariosHIGH
Interacao do usuarioNONE
Publicado2/3/2018
Ultima modificacao11/21/2024
Fontenvd
Avistamentos honeypot0
Produtos afetados
dell:emc_recoverpointdell:emc_recoverpoint_for_virtual_machines
Fraquezas (CWE)
CWE-78
Referencias
http://seclists.org/fulldisclosure/2018/Feb/9(security_alert@emc.com)
http://www.securitytracker.com/id/1040320(security_alert@emc.com)
https://www.exploit-db.com/exploits/44614/(security_alert@emc.com)
http://seclists.org/fulldisclosure/2018/Feb/9(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1040320(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/44614/(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.