exploit the possibilities

Dell EMC RecoverPoint Information Disclosure / Resource Consumption

Dell EMC RecoverPoint Information Disclosure / Resource Consumption
Posted Nov 12, 2018
Authored by Paul Taylor | Site emc.com

Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an information disclosure vulnerability. A malicious boxmgmt user may potentially be able to determine the existence of any system file via Boxmgmt CLI. Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an uncontrolled resource consumption vulnerability. A malicious boxmgmt user may potentially be able to consume large amount of CPU bandwidth to make the system slow or to determine the existence of any system file via Boxmgmt CLI.

tags | advisory, info disclosure
advisories | CVE-2018-15771, CVE-2018-15772
SHA-256 | e033638c4387c53924eca9defee5afa2635afbe441c616a88fc88e39c7913e06

Dell EMC RecoverPoint Information Disclosure / Resource Consumption

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256



DSA-2018-205: Dell EMC RecoverPoint Multiple Vulnerabilities



Dell EMC Identifier: DSA-2018-205



CVE Identifier: CVE-2018-15771, CVE-2018-15772



Severity: Low



Severity Rating: See below for CVSSv3 Scores



Affected products:

Dell EMC RecoverPoint versions prior to 5.1.2.1

Dell EMC RecoverPoint Virtual Machine (VM) versions prior to 5.2.0.2



Summary:

Dell EMC RecoverPoint contains fixes to multiple security vulnerabilities which could potentially be exploited by malicious users to compromise the affected system.



Details:



Information Disclosure Vulnerability

CVE-2018-15771

Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an information disclosure vulnerability. A malicious boxmgmt user may potentially be able to determine the existence of any system file via Boxmgmt CLI.

CVSSv3 Base Score: 2.3 (AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N)



Uncontrolled Resource Consumption Vulnerability

CVE-2018-15772

Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an uncontrolled resource consumption vulnerability. A malicious boxmgmt user may potentially be able to consume large amount of CPU bandwidth to make the system slow or to determine the existence of any system file via Boxmgmt CLI.

CVSSv3 Base Score: 3.4 (AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:L)



Resolution:

The following Dell EMC RecoverPoint releases contain resolutions to these vulnerabilities:

* Dell EMC RecoverPoint for Virtual Machines 5.2.0.2

* Dell EMC RecoverPoint 5.1.2.1



Dell EMC recommends all customers upgrade at the earliest opportunity.





Link to remedies:

Customers can download software from: https://support.emc.com/search/?text=RecoverPoint&searchLang=en_US&facetResource=DOWN





Credits:

Dell EMC would like to thank Paul Taylor (@bao7uo) for reporting these vulnerabilities.



Severity Rating

For an explanation of Severity Ratings, refer to Dell EMC Knowledgebase article 468307 (https://support.emc.com/kb/468307). Dell EMC recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability.



Legal Information

Read and use the information in this Dell EMC Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this advisory, contact Dell EMC Technical Support (https://support.emc.com/servicecenter/contactEMC/). Dell EMC distributes Dell EMC Security Advisories, in order to bring to the attention of users of the affected Dell EMC products, important security information. Dell EMC recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. Dell EMC disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event, shall Dell EMC or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of bus
iness profits or special damages, even if Dell EMC or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply.

-----BEGIN PGP SIGNATURE-----



iQIzBAEBCAAdFiEEP5nobPoCj3pTvhAZgSlofD2Yi6cFAlvktrEACgkQgSlofD2Y

i6fVXw//QXRWQ+8d/vlhEeHj+xcCX8rggZXI9SnR0rNTEwfoaqRZugmauXNPMwRL

Jvkp96Al0RrTLNNxxq9iyqjRnGqUdpHgNlAP4kq+Zs785LlKrvj/2WH/AshwZhZM

yDdusIUVHpcV0eR/fm57gvINeGkn0ZU/Ili4xN9JF6CRuyNihi3LvlGlcsXwyQC5

Ja9HCOgM82uUz6NhsWw/GAD9Jxx/2ID3SfqL/m7/o7mioY+jlhGaL8JBlPurXSe6

atP851X2Fj4VnMNNgbvL55JF6/HTFhk2H4JmiuELWYKiCmQvWcp4b6tzzOvyA2VN

E71DlqVi33IvPbIbZtE2Ji/WLVrIvlFhXuT/4eihvX5bRt4F731+EPSW6jbKrqcT

l4bMYdqouvqMt4BU4Fcm2P5Ynv43rw+mZFnkluQ/XdXBA7micA5QlUZPSD1xKyCS

761uZwl9ccCymk8GRcwFaX3c7WIc1x7yLjbQ+JfvnFiD7TF7xCEdqZG/yD6FAzwz

sAXgNIjmPtq5XxL9DpHvnX4NpzTV87U7shfjPiU+mn1n/xaqo+c/MZGDWyloN7LN

sPWfwaBHV6I1GZMEDJ/1h8cJV/f2dvEfV5gHBEV2t+nmNvddpjZC4cAKCXd8BlAC

fRgraWppWLqHRv3EJVKDEzJlbUks8eQr/HmFovilRaQj/s5ljwg=

=s3w/

-----END PGP SIGNATURE-----



Login or Register to add favorites

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    6 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close