Exploits for Dell EMC RecoverPoint enterprise data protection platform
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
EMC_RPT_CVE-2018-1185.md
EMC_RPT_CVE-2018-1235-local.md
EMC_RPT_CVE-2018-1235-remote.md
EMC_RPT_CVE-2018-1242.md
LICENSE
README.md
Screenshot from 2018-02-21 01-55-52.png

README.md

Dell EMC RecoverPoint

Exploits for an enterprise data protection platform

I have discovered the following vulnerabilities in the RecoverPoint enterprise data protection platform, mentioned in Dell EMC's disclosure.

Critical unauthenticated remote code execution with root privileges via command injection in username (CVE-2018-1235, CVSS 9.8, critical severity)

  • Permits an attacker with visibility of a RecoverPoint device on the network to gain complete control over the underlying Linux operating system.
  • Remote exploit here
  • Local exploit here

Administrative menu arbitrary file read (CVE-2018-1242, CVSS 6.7, medium severity)

  • An attacker with access to the boxmgmt administrative menu can read files from the file system which are accessible to the boxmgmt user.
  • Exploit here

LDAP credentials in Tomcat log file (CVE-2018-1241, CVSS 6.2, medium severity)

  • In certain conditions, RecoverPoint will leak plaintext credentials into a log file.

Exploits for third party vulnerabilities

These are exploitation techniques I have found for vulnerabilities I did not discover

CVE-2018-1185 - An OS command injection vulnerability resulting in code execution as the built-in admin user

More to follow