OS Command Injection Vulnerability in Dell EMC RecoverPoint and RecoverPoint for VMs

OS Command Injection Vulnerability in Dell EMC RecoverPoint and RecoverPoint for VMs

CVE-2019-3727 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

Dell EMC RecoverPoint versions prior to 5.1.3 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an OS command injection vulnerability in the installation feature of Boxmgmt CLI. A malicious boxmgmt user may potentially be able to execute arbitrary commands as root.

Learn more about our User Device Pen Test.