Dell EMC RecoverPoint Uncontrolled Resource Consumption Vulnerability
CVE-2018-15772

7.1HIGH

Key Information:

Vendor
Dell
Status
Dell Emc Recoverpoint
Dell Emc Recoverpoint Virtual Machine (vm)
Vendor
CVE Published:
13 November 2018

Summary

Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an uncontrolled resource consumption vulnerability. A malicious boxmgmt user may potentially be able to consume large amount of CPU bandwidth to make the system slow or to determine the existence of any system file via Boxmgmt CLI.

Affected Version(s)

Dell EMC RecoverPoint < 5.1.2.1

Dell EMC RecoverPoint Virtual Machine (VM) < 5.2.0.2

References

http://www.securitytracker.com/id/1042059
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/105916
vdb-entryx_refsource_BID
https://seclists.org/fulldisclosure/2018/Nov/34
mailing-listx_refsource_FULLDISC

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.