CVE-2018-15772
HIGHDell EMC RecoverPoint < 5.1.2.1 & RecoverPoint for VMs < 5.2.0.2 - Resource Consumption via Boxmgmt CLI
Title source: llmDescription
Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an uncontrolled resource consumption vulnerability. A malicious boxmgmt user may potentially be able to consume large amount of CPU bandwidth to make the system slow or to determine the existence of any system file via Boxmgmt CLI.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1042059
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/105916
Mailing List, Third Party Advisory mailing-list
x_refsource_fulldisc
https://seclists.org/fulldisclosure/2018/Nov/34
Scores
CVSS v3
7.1
EPSS
0.0015
EPSS Percentile
35.0%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Details
CWE
CWE-400
Status
published
Products (2)
dell/emc_recoverpoint
< 5.1.2.1
dell/emc_recoverpoint_for_virtual_machines
< 5.2.0.2
Published
Nov 13, 2018
Tracked Since
Feb 18, 2026