Dell EMC RecoverPoint
Exploits for an enterprise data protection platform
I have discovered the following vulnerabilities in the RecoverPoint enterprise data protection platform, mentioned in Dell EMC's disclosure.
Critical unauthenticated remote code execution with root privileges via command injection in username (CVE-2018-1235, CVSS 9.8, critical severity)
- Permits an attacker with visibility of a RecoverPoint device on the network to gain complete control over the underlying Linux operating system.
- Remote exploit here
- Local exploit here
Administrative menu arbitrary file read (CVE-2018-1242, CVSS 6.7, medium severity)
- An attacker with access to the boxmgmt administrative menu can read files from the file system which are accessible to the boxmgmt user.
- Exploit here
LDAP credentials in Tomcat log file (CVE-2018-1241, CVSS 6.2, medium severity)
- In certain conditions, RecoverPoint will leak plaintext credentials into a log file.
Exploits for third party vulnerabilities
These are exploitation techniques I have found for vulnerabilities I did not discover
CVE-2018-1185 - An OS command injection vulnerability resulting in code execution as the built-in admin user
More to follow