Dell EMC RecoverPoint Vulnerabilities [CVE-2018-1235 and CVE-2018-1242 and CVE-2018-1241]

Six vulnerabilities have been discovered in Dell EMC’s RecoverPoint disaster recovery system products. An attacker may exploit these to remotely execute code on a targeted device.

Dell EMC have released details on three of the vulnerabilities alongside patches for them.

CVE-2018-1235 – Allows an unauthenticated, remote user to execute arbitrary code with root privileges, allowing an attacker to control the underlying operating system. Due to the severity and apparent ease of exploitation, Dell EMC have not released any further details of this vulnerability.

CVE-2018-1242 -Allows a local user to read any files via the ‘boxmgmt’ administrative interface. An attacker could exploit this vulnerability to elevate their privileges.

CVE-2018-1241 – This relates to Lightweight Directory Access Protocol (LDAP) credentials being stored in plaintext format in Apache Tomcat log files. A remote user could access the LDAP account on any RecoverPoint device using these credentials.

The three unlisted vulnerabilities all regard the use of hard-coded system password hashes, that can only be altered by the vendor, being stored on new RecoverPoint devices. Dell EMC dispute that these are vulnerabilities, making it possible that suitable remediation will not be produced.

Resolution

Dell EMC have released a firmware update to rectify these vulnerabilities. Users are advised to update their affected systems immediately.

Dell EMC have also advised RecoverPoint customers to ensure their LDAP integration uses blind security.

Updates avaliable here (login required)