cnvd - cnvd-2018-04836

CNVD-2018-04836

Vulnerability from cnvd - Published: 2018-03-12

Title

EMC RecoverPoint和EMC RecoverPoint for Virtual Machines命令注入漏洞（CNVD-2018-04836）

Description

EMC RecoverPoint是美国易安信（EMC）公司的一套灾难恢复解决方案。该方案可提供基于虚拟机管理程序的本地及远程复制、按虚拟机恢复到任意时间点的连续数据保护、自动化灾难恢复流程编排等功能。EMC RecoverPoint for Virtual Machines（VMs）是一套面向VMware环境的灾难恢复解决方案。Admin CLI是其中的一个命令行程序。 EMC RecoverPoint for VMs 5.1.1之前的版本、EMC RecoverPoint 5.1.0.0版本和5.0.1.3之前的版本中的Admin CLI存在命令注入漏洞。攻击者可利用该漏洞绕过受限的shell，以root权限执行任意命令。

Severity

高

Patch Name

EMC RecoverPoint和EMC RecoverPoint for Virtual Machines命令注入漏洞（CNVD-2018-04836）的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，详情请关注厂商主页： https://emc.com/

Reference

http://seclists.org/fulldisclosure/2018/Feb/9 http://www.securitytracker.com/id/1040320

Impacted products

Name
['EMC RecoverPoint for VMs <5.1.1', 'EMC RecoverPoint 5.1.0.0', 'EMC RecoverPoint <5.0.1.3']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-1185"
    }
  },
  "description": "EMC RecoverPoint\u662f\u7f8e\u56fd\u6613\u5b89\u4fe1\uff08EMC\uff09\u516c\u53f8\u7684\u4e00\u5957\u707e\u96be\u6062\u590d\u89e3\u51b3\u65b9\u6848\u3002\u8be5\u65b9\u6848\u53ef\u63d0\u4f9b\u57fa\u4e8e\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u7684\u672c\u5730\u53ca\u8fdc\u7a0b\u590d\u5236\u3001\u6309\u865a\u62df\u673a\u6062\u590d\u5230\u4efb\u610f\u65f6\u95f4\u70b9\u7684\u8fde\u7eed\u6570\u636e\u4fdd\u62a4\u3001\u81ea\u52a8\u5316\u707e\u96be\u6062\u590d\u6d41\u7a0b\u7f16\u6392\u7b49\u529f\u80fd\u3002EMC RecoverPoint for Virtual Machines\uff08VMs\uff09\u662f\u4e00\u5957\u9762\u5411VMware\u73af\u5883\u7684\u707e\u96be\u6062\u590d\u89e3\u51b3\u65b9\u6848\u3002Admin CLI\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u547d\u4ee4\u884c\u7a0b\u5e8f\u3002\r\n\r\nEMC RecoverPoint for VMs 5.1.1\u4e4b\u524d\u7684\u7248\u672c\u3001EMC RecoverPoint 5.1.0.0\u7248\u672c\u548c5.0.1.3\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u7684Admin CLI\u5b58\u5728\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u53d7\u9650\u7684shell\uff0c\u4ee5root\u6743\u9650\u6267\u884c\u4efb\u610f\u547d\u4ee4\u3002",
  "discovererName": "unknwon",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttps://emc.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-04836",
  "openTime": "2018-03-12",
  "patchDescription": "EMC RecoverPoint\u662f\u7f8e\u56fd\u6613\u5b89\u4fe1\uff08EMC\uff09\u516c\u53f8\u7684\u4e00\u5957\u707e\u96be\u6062\u590d\u89e3\u51b3\u65b9\u6848\u3002\u8be5\u65b9\u6848\u53ef\u63d0\u4f9b\u57fa\u4e8e\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u7684\u672c\u5730\u53ca\u8fdc\u7a0b\u590d\u5236\u3001\u6309\u865a\u62df\u673a\u6062\u590d\u5230\u4efb\u610f\u65f6\u95f4\u70b9\u7684\u8fde\u7eed\u6570\u636e\u4fdd\u62a4\u3001\u81ea\u52a8\u5316\u707e\u96be\u6062\u590d\u6d41\u7a0b\u7f16\u6392\u7b49\u529f\u80fd\u3002EMC RecoverPoint for Virtual Machines\uff08VMs\uff09\u662f\u4e00\u5957\u9762\u5411VMware\u73af\u5883\u7684\u707e\u96be\u6062\u590d\u89e3\u51b3\u65b9\u6848\u3002Admin CLI\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u547d\u4ee4\u884c\u7a0b\u5e8f\u3002\r\n\r\nEMC RecoverPoint for VMs 5.1.1\u4e4b\u524d\u7684\u7248\u672c\u3001EMC RecoverPoint 5.1.0.0\u7248\u672c\u548c5.0.1.3\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u7684Admin CLI\u5b58\u5728\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u53d7\u9650\u7684shell\uff0c\u4ee5root\u6743\u9650\u6267\u884c\u4efb\u610f\u547d\u4ee4\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "EMC RecoverPoint\u548cEMC RecoverPoint for Virtual Machines\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff08CNVD-2018-04836\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "EMC RecoverPoint for VMs \u003c5.1.1",
      "EMC RecoverPoint 5.1.0.0",
      "EMC RecoverPoint \u003c5.0.1.3"
    ]
  },
  "referenceLink": "http://seclists.org/fulldisclosure/2018/Feb/9\r\nhttp://www.securitytracker.com/id/1040320",
  "serverity": "\u9ad8",
  "submitTime": "2018-02-05",
  "title": "EMC RecoverPoint\u548cEMC RecoverPoint for Virtual Machines\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff08CNVD-2018-04836\uff09"
}

CVE-2018-1185 (GCVE-0-2018-1185)

Vulnerability from cvelistv5 – Published: 2018-02-03 01:00 – Updated: 2024-08-05 03:51

Summary

An issue was discovered in EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, and EMC RecoverPoint versions prior to 5.0.1.3. Command injection vulnerability in Admin CLI may allow a malicious user with admin privileges to escape from the restricted shell to an interactive shell and run arbitrary commands with root privileges.

Severity ?

No CVSS data available.

CWE

Command injection vulnerability

Assigner

dell

References

URL

Tags

	http://www.securitytracker.com/id/1040320	vdb-entryx_refsource_SECTRACK
	http://seclists.org/fulldisclosure/2018/Feb/9	x_refsource_CONFIRM
	https://www.exploit-db.com/exploits/44614/	exploitx_refsource_EXPLOIT-DB

Impacted products

	Vendor	Product	Version
	n/a	EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, EMC RecoverPoint versions prior to 5.0.1.3	Affected: EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, EMC RecoverPoint versions prior to 5.0.1.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:51:49.007Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1040320",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040320"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2018/Feb/9"
          },
          {
            "name": "44614",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/44614/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, EMC RecoverPoint versions prior to 5.0.1.3",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, EMC RecoverPoint versions prior to 5.0.1.3"
            }
          ]
        }
      ],
      "datePublic": "2018-02-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, and EMC RecoverPoint versions prior to 5.0.1.3. Command injection vulnerability in Admin CLI may allow a malicious user with admin privileges to escape from the restricted shell to an interactive shell and run arbitrary commands with root privileges."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Command injection vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-05-13T09:57:01",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "name": "1040320",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040320"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://seclists.org/fulldisclosure/2018/Feb/9"
        },
        {
          "name": "44614",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/44614/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security_alert@emc.com",
          "ID": "CVE-2018-1185",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, EMC RecoverPoint versions prior to 5.0.1.3",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, EMC RecoverPoint versions prior to 5.0.1.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, and EMC RecoverPoint versions prior to 5.0.1.3. Command injection vulnerability in Admin CLI may allow a malicious user with admin privileges to escape from the restricted shell to an interactive shell and run arbitrary commands with root privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Command injection vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1040320",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040320"
            },
            {
              "name": "http://seclists.org/fulldisclosure/2018/Feb/9",
              "refsource": "CONFIRM",
              "url": "http://seclists.org/fulldisclosure/2018/Feb/9"
            },
            {
              "name": "44614",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/44614/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2018-1185",
    "datePublished": "2018-02-03T01:00:00",
    "dateReserved": "2017-12-06T00:00:00",
    "dateUpdated": "2024-08-05T03:51:49.007Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2018-04836

CVE-2018-1185 (GCVE-0-2018-1185)

Tags

Sightings

Nomenclature