CVE-2018-1235

CRITICAL

EMC Recoverpoint < 5.1.2 - OS Command Injection

Title source: rule

Description

Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, contain a command injection vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to execute arbitrary commands on the affected system with root privilege.

Exploits (2)

exploitdb WORKING POC

by Paul Taylor · textlocallinux

https://www.exploit-db.com/exploits/44920

View Code ZIP pw:eip

nomisec WORKING POC

by AbsoZed · poc

https://github.com/AbsoZed/CVE-2018-1235

View Code ZIP pw:eip

References (3)

[Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2018/May/61

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/104246

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/44920/

Scores

CVSS v3 9.8

EPSS 0.5175

EPSS Percentile 97.9%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-78

Status published

Products (2)

emc/recoverpoint < 5.1.2

emc/recoverpoint_for_virtual_machines < 5.1.1.3

Published May 29, 2018

Tracked Since Feb 18, 2026