Skip to content
/ dell-emc_recoverpoint Public

Exploits for Dell EMC RecoverPoint enterprise data protection platform

License

Apache-2.0 license
13 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

bao7uo/dell-emc_recoverpoint

BranchesTags

Repository files navigation

Dell EMC RecoverPoint

Exploits for an enterprise data protection platform

I have discovered the following vulnerabilities in the RecoverPoint enterprise data protection platform, mentioned in Dell EMC's disclosure.

Critical unauthenticated remote code execution with root privileges via command injection in username (CVE-2018-1235, CVSS 9.8, critical severity)

  • Permits an attacker with visibility of a RecoverPoint device on the network to gain complete control over the underlying Linux operating system.
  • Remote exploit here
  • Local exploit here

Administrative menu arbitrary file read (CVE-2018-1242, CVSS 6.7, medium severity)

  • An attacker with access to the boxmgmt administrative menu can read files from the file system which are accessible to the boxmgmt user.
  • Exploit here

LDAP credentials in Tomcat log file (CVE-2018-1241, CVSS 6.2, medium severity)

  • In certain conditions, RecoverPoint will leak plaintext credentials into a log file.

Exploits for third party vulnerabilities

These are exploitation techniques I have found for vulnerabilities I did not discover

CVE-2018-1185 - An OS command injection vulnerability resulting in code execution as the built-in admin user

More to follow

About

Exploits for Dell EMC RecoverPoint enterprise data protection platform

Resources

Readme

License

Apache-2.0 license
Activity

Stars

13 stars

Watchers

3 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published