Dell EMC RecoverPoint and RecoverPoint for Virtual Machines are prone to multiple security vulnerabilities:
1. A remote code-execution vulnerability
2. An arbitrary file-read vulnerability
3. Multiple information-disclosure vulnerabilities
An attacker can leverage these issues to execute arbitrary code, read arbitrary files, or obtain sensitive information within the context of the affected system. Failed exploit attempts will likely result in denial-of-service conditions.
The following versions are vulnerable:
Versions prior to EMC RecoverPoint 5.1.2
Versions prior to EMC RecoverPoint for Virtual Machines 5.1.1.3
Information
CVE-2018-1242
CVE-2018-1241
EMC RecoverPoint for Virtual Machines 4.3.1.4
EMC RecoverPoint for Virtual Machines 4.0
EMC RecoverPoint 5.0
EMC RecoverPoint 4.4.1.1
EMC RecoverPoint 4.4.1.0
Dell EMC RecoverPoint for Virtual Machines 5.1.1
Dell EMC RecoverPoint for Virtual Machines 5.1.1.2
Dell EMC RecoverPoint for Virtual Machines 5.1
Dell EMC RecoverPoint 5.1
Dell EMC RecoverPoint 5.1.2
Exploit
The researcher who discovered this issue has created a proof-of-concept for CVE-2018-1242. Please see the references for more information.
References: