what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Dell EMC RecoverPoint Information Disclosure / Resource Consumption

Dell EMC RecoverPoint Information Disclosure / Resource Consumption
Posted Nov 12, 2018
Authored by Paul Taylor | Site emc.com

Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an information disclosure vulnerability. A malicious boxmgmt user may potentially be able to determine the existence of any system file via Boxmgmt CLI. Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an uncontrolled resource consumption vulnerability. A malicious boxmgmt user may potentially be able to consume large amount of CPU bandwidth to make the system slow or to determine the existence of any system file via Boxmgmt CLI.

tags | advisory, info disclosure
advisories | CVE-2018-15771, CVE-2018-15772
SHA-256 | e033638c4387c53924eca9defee5afa2635afbe441c616a88fc88e39c7913e06

Dell EMC RecoverPoint Information Disclosure / Resource Consumption

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256



DSA-2018-205: Dell EMC RecoverPoint Multiple Vulnerabilities



Dell EMC Identifier: DSA-2018-205



CVE Identifier: CVE-2018-15771, CVE-2018-15772



Severity: Low



Severity Rating: See below for CVSSv3 Scores



Affected products:

Dell EMC RecoverPoint versions prior to 5.1.2.1

Dell EMC RecoverPoint Virtual Machine (VM) versions prior to 5.2.0.2



Summary:

Dell EMC RecoverPoint contains fixes to multiple security vulnerabilities which could potentially be exploited by malicious users to compromise the affected system.



Details:



Information Disclosure Vulnerability

CVE-2018-15771

Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an information disclosure vulnerability. A malicious boxmgmt user may potentially be able to determine the existence of any system file via Boxmgmt CLI.

CVSSv3 Base Score: 2.3 (AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N)



Uncontrolled Resource Consumption Vulnerability

CVE-2018-15772

Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an uncontrolled resource consumption vulnerability. A malicious boxmgmt user may potentially be able to consume large amount of CPU bandwidth to make the system slow or to determine the existence of any system file via Boxmgmt CLI.

CVSSv3 Base Score: 3.4 (AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:L)



Resolution:

The following Dell EMC RecoverPoint releases contain resolutions to these vulnerabilities:

* Dell EMC RecoverPoint for Virtual Machines 5.2.0.2

* Dell EMC RecoverPoint 5.1.2.1



Dell EMC recommends all customers upgrade at the earliest opportunity.





Link to remedies:

Customers can download software from: https://support.emc.com/search/?text=RecoverPoint&searchLang=en_US&facetResource=DOWN





Credits:

Dell EMC would like to thank Paul Taylor (@bao7uo) for reporting these vulnerabilities.



Severity Rating

For an explanation of Severity Ratings, refer to Dell EMC Knowledgebase article 468307 (https://support.emc.com/kb/468307). Dell EMC recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability.



Legal Information

Read and use the information in this Dell EMC Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this advisory, contact Dell EMC Technical Support (https://support.emc.com/servicecenter/contactEMC/). Dell EMC distributes Dell EMC Security Advisories, in order to bring to the attention of users of the affected Dell EMC products, important security information. Dell EMC recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. Dell EMC disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event, shall Dell EMC or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of bus
iness profits or special damages, even if Dell EMC or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply.

-----BEGIN PGP SIGNATURE-----



iQIzBAEBCAAdFiEEP5nobPoCj3pTvhAZgSlofD2Yi6cFAlvktrEACgkQgSlofD2Y

i6fVXw//QXRWQ+8d/vlhEeHj+xcCX8rggZXI9SnR0rNTEwfoaqRZugmauXNPMwRL

Jvkp96Al0RrTLNNxxq9iyqjRnGqUdpHgNlAP4kq+Zs785LlKrvj/2WH/AshwZhZM

yDdusIUVHpcV0eR/fm57gvINeGkn0ZU/Ili4xN9JF6CRuyNihi3LvlGlcsXwyQC5

Ja9HCOgM82uUz6NhsWw/GAD9Jxx/2ID3SfqL/m7/o7mioY+jlhGaL8JBlPurXSe6

atP851X2Fj4VnMNNgbvL55JF6/HTFhk2H4JmiuELWYKiCmQvWcp4b6tzzOvyA2VN

E71DlqVi33IvPbIbZtE2Ji/WLVrIvlFhXuT/4eihvX5bRt4F731+EPSW6jbKrqcT

l4bMYdqouvqMt4BU4Fcm2P5Ynv43rw+mZFnkluQ/XdXBA7micA5QlUZPSD1xKyCS

761uZwl9ccCymk8GRcwFaX3c7WIc1x7yLjbQ+JfvnFiD7TF7xCEdqZG/yD6FAzwz

sAXgNIjmPtq5XxL9DpHvnX4NpzTV87U7shfjPiU+mn1n/xaqo+c/MZGDWyloN7LN

sPWfwaBHV6I1GZMEDJ/1h8cJV/f2dvEfV5gHBEV2t+nmNvddpjZC4cAKCXd8BlAC

fRgraWppWLqHRv3EJVKDEzJlbUks8eQr/HmFovilRaQj/s5ljwg=

=s3w/

-----END PGP SIGNATURE-----



Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close