I have discovered the following vulnerabilities in the RecoverPoint enterprise data protection platform, mentioned in Dell EMC's disclosure.
Critical unauthenticated remote code execution with root privileges via command injection in username (CVE-2018-1235, CVSS 9.8, critical severity)
- Permits an attacker with visibility of a RecoverPoint device on the network to gain complete control over the underlying Linux operating system.
- Remote exploit here
- Local exploit here
- An attacker with access to the boxmgmt administrative menu can read files from the file system which are accessible to the boxmgmt user.
- Exploit here
- In certain conditions, RecoverPoint will leak plaintext credentials into a log file.
These are exploitation techniques I have found for vulnerabilities I did not discover
CVE-2018-1185 - An OS command injection vulnerability resulting in code execution as the built-in admin user
More to follow