CVE-2019-3727
MEDIUM
Dell EMC RecoverPoint < 5.1.3 and RecoverPoint for Virtual Machines < 5.2.0.2 - OS Command Injection via Boxmgmt CLI
Title source: llm
Description
Dell EMC RecoverPoint versions prior to 5.1.3 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an OS command injection vulnerability in the installation feature of Boxmgmt CLI. A malicious boxmgmt user may potentially be able to execute arbitrary commands as root.
References (2)
Core References
Vendor Advisory x_refsource_misc
https://www.dell.com/support/security/us/en/04/details/533842/DSA-2019-078-Dell-EMC-RecoverPoint-OS-Command-Injection-Vulnerability
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/108411
Scores
CVSS v3
6.4
EPSS
0.0006
EPSS Percentile
20.2%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-78
Status
published
Products (2)
dell/emc_recoverpoint
< 5.1.3
dell/recoverpoint_for_virtual_machines
< 5.2.0.2
Published
May 15, 2019
Tracked Since
Feb 18, 2026