EMC RecoverPoint command injection in SSH username

Added: 07/05/2018
CVE: CVE-2018-1235
BID: 104246

Background

Dell EMC RecoverPoint is an application recovery solution.

Problem

A command injection vulnerability allows a remote attacker to execute arbitrary commands embedded in the username of an SSH authentication request.

Resolution

Upgrade to Dell EMC RecoverPoint for Virtual Machines 5.1.1.3 or higher, or to Dell EMC RecoverPoint 5.1.2 or later.

References

http://seclists.org/fulldisclosure/2018/May/61
https://www.foregenix.com/blog/foregenix-identify-multiple-dellemc-recoverpoint-zero-day-vulnerabilities

Platforms

Linux

Back to exploit index