CVE-2016-6649

MEDIUM

EMC RecoverPoint <4.4.1.1-5.0 - Command Injection

Title source: llm
STIX 2.1

Description

EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for Virtual Machines versions before 5.0 are affected by multiple command injection vulnerabilities where a malicious administrator with configuration privileges may bypass the user interface and escalate his privileges to root.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry x_refsource_confirm
http://www.securityfocus.com/archive/1/540058/30/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1037727
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/95821

Scores

CVSS v3 6.7
EPSS 0.0035
EPSS Percentile 57.6%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-77
Status published
Products (3)
emc/recoverpoint < 4.4.1.0
emc/recoverpoint_for_virtual_machines < 4.0
n/a/EMC RecoverPoint and EMC RecoverPoint for Virtual Machines EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for Virtual Machines versions before 5.0 EMC RecoverPoint and EMC RecoverPoint for Virtual Machines EMC RecoverPoint versions before 4.4.1.1
Published Feb 03, 2017
Tracked Since Feb 18, 2026