CVE-2018-1235

CRITICAL

Dell EMC RecoverPoint < 5.1.2 and RecoverPoint for Virtual Machines < 5.1.1.3 - Unauthenticated OS Command Injection

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2018-1235. PoCs published by Paul Taylor, AbsoZed.

AI-analyzed exploit summary This exploit demonstrates an OS command injection vulnerability in Dell EMC RecoverPoint's local tty console login mechanism, allowing unauthenticated root access by injecting a bash command into the username field.

Description

Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, contain a command injection vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to execute arbitrary commands on the affected system with root privilege.

Exploits (2)

exploitdb WORKING POC

by Paul Taylor · textlocallinux

https://www.exploit-db.com/exploits/44920

View Code ZIP pw:eip

This exploit demonstrates an OS command injection vulnerability in Dell EMC RecoverPoint's local tty console login mechanism, allowing unauthenticated root access by injecting a bash command into the username field.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Dell EMC RecoverPoint < 5.1.2 and RP4VMs < 5.1.1.3

No auth needed

Prerequisites: Physical or console access to the target system

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC

by AbsoZed · poc

https://github.com/AbsoZed/CVE-2018-1235

View Code ZIP pw:eip

This Python script exploits CVE-2018-1235 by injecting a command into an SSH session using pexpect, triggering a reverse shell connection to a specified host. It confirms vulnerability via a TCP handshake on port 1273.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Unknown (CVE-2018-1235 likely affects a specific SSH implementation)

No auth needed

Prerequisites: Network access to target · SSH service exposed · Target vulnerable to CVE-2018-1235

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1078 - Valid Accounts T1090 - Proxy

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc

http://seclists.org/fulldisclosure/2018/May/61

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/44920/

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/104246

Scores

CVSS v3 9.8

EPSS 0.4329

EPSS Percentile 98.6%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-78

Status published

Products (2)

emc/recoverpoint < 5.1.2

emc/recoverpoint_for_virtual_machines < 5.1.1.3

Published May 29, 2018

Tracked Since Feb 18, 2026