May 22, 2018
A pen-tester has found six vulnerabilities in Dell EMC RecoverPoint devices, including a critical remote code execution flaw that could allow total system compromise.
EMC RecoverPoint is a disaster recovery tool that can be used to back up local and remote information storage, across data centers and across physical and virtual machines. It continuously, in real time, replicates the data, so in the event a system is compromised or data is lost (from, say, a ransomware attack or a natural disaster), RecoverPoint allows a company to go back in time and recover an exact image of that data from a specific moment in time.
Each of the flaws affect all versions of Dell EMC RecoverPoint prior to 5.1.2 and RecoverPoint for Virtual Machines prior to 5.1.1.3. The vendor has so far patched three of the issues, released Monday in advisory DSA-2018-095 (the non-public advisory is available to registered customers via the vendor’s
Product Security Response Center). One of the reported issues (PSRC-5489) is treated as a product defect and has been addressed in the same releases; and Dell EMC offers remediation for the other two with updated product configuration guidance.
The most serious of the vulnerabilities, and one of the patched bugs, is rated critical (
CVE-2018-1235, CVSS 9.8). It allows unauthenticated remote code execution with root privileges – which can pretty much hand over the keys to the kingdom to an attacker.