Sign-up

ID

VAR-201905-0260


CVE

CVE-2019-3727


TITLE

Dell EMC RecoverPoint and RecoverPoint for VMs In OS Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-004538

DESCRIPTION

Dell EMC RecoverPoint versions prior to 5.1.3 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an OS command injection vulnerability in the installation feature of Boxmgmt CLI. A malicious boxmgmt user may potentially be able to execute arbitrary commands as root. Dell EMC RecoverPoint is prone to a local OS command-injection vulnerability. Dell EMC RecoverPoint is a suite of disaster recovery and data protection software. RecoverPoint for VMs is a disaster recovery solution for VMware environments. The vulnerability stems from the fact that the network system or product does not correctly filter the Special characters, commands, etc

Trust: 1.98

sources: NVD: CVE-2019-3727 // JVNDB: JVNDB-2019-004538 // BID: 108411 // VULHUB: VHN-155162

AFFECTED PRODUCTS

vendor:dellmodel:emc recoverpointscope:ltversion:5.1.3

Trust: 1.0

vendor:dellmodel:recoverpoint for virtual machinesscope:ltversion:5.2.0.2

Trust: 1.0

vendor:dell emc old emcmodel:recoverpointscope:ltversion:5.1.3

Trust: 0.8

vendor:dell emc old emcmodel:recoverpoint for virtual machinesscope:ltversion:5.2.0.2

Trust: 0.8

vendor:dellmodel:emc recoverpoint for virtual machinesscope:eqversion:5.1.1

Trust: 0.3

vendor:dellmodel:emc recoverpoint for virtual machinesscope:eqversion:5.1.1.3

Trust: 0.3

vendor:dellmodel:emc recoverpoint for virtual machinesscope:eqversion:5.1.1.2

Trust: 0.3

vendor:dellmodel:emc recoverpoint for virtual machinesscope:eqversion:5.1

Trust: 0.3

vendor:dellmodel:emc recoverpointscope:eqversion:5.1.2

Trust: 0.3

vendor:dellmodel:emc recoverpointscope:eqversion:5.1.2.1

Trust: 0.3

vendor:dellmodel:emc recoverpointscope:eqversion:5.1.0.1

Trust: 0.3

vendor:dellmodel:emc recoverpointscope:eqversion:5.1

Trust: 0.3

vendor:dellmodel:emc recoverpoint for virtual machinesscope:neversion:5.2.0.2

Trust: 0.3

vendor:dellmodel:emc recoverpointscope:neversion:5.1.3

Trust: 0.3

sources: BID: 108411 // JVNDB: JVNDB-2019-004538 // NVD: CVE-2019-3727

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-3727
value: MEDIUM

Trust: 1.0

security_alert@emc.com: CVE-2019-3727
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-3727
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201905-636
value: MEDIUM

Trust: 0.6

VULHUB: VHN-155162
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-3727
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-155162
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-3727
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.0

Trust: 1.8

security_alert@emc.com: CVE-2019-3727
baseSeverity: MEDIUM
baseScore: 6.4
vectorString: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.5
impactScore: 5.9
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-155162 // JVNDB: JVNDB-2019-004538 // CNNVD: CNNVD-201905-636 // NVD: CVE-2019-3727 // NVD: CVE-2019-3727

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.9

sources: VULHUB: VHN-155162 // JVNDB: JVNDB-2019-004538 // NVD: CVE-2019-3727

THREAT TYPE

local

Trust: 0.9

sources: BID: 108411 // CNNVD: CNNVD-201905-636

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201905-636

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-004538

PATCH
title:DSA-2019-078: Dell EMC RecoverPoint OS Command Injection Vulnerabilityurl:https://www.dell.com/support/security/jp/ja/jpdhs1/details/533842/DSA-2019-078-Dell-EMC-RecoverPoint-OS-Command-Injection-Vulnerability
Trust: 0.8
title:Dell EMC RecoverPoint  and RecoverPoint for VMs Fixes for operating system command injection vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92762
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-004538 // 
            
            
            
            CNNVD: CNNVD-201905-636

EXTERNAL IDS
db:NVDid:CVE-2019-3727
Trust: 2.8
db:BIDid:108411
Trust: 2.0
db:JVNDBid:JVNDB-2019-004538
Trust: 0.8
db:CNNVDid:CNNVD-201905-636
Trust: 0.7
db:VULHUBid:VHN-155162
Trust: 0.1
sources:
            
            
            VULHUB: VHN-155162 // 
            
            
            
            BID: 108411 // 
            
            
            
            JVNDB: JVNDB-2019-004538 // 
            
            
            
            CNNVD: CNNVD-201905-636 // 
            
            
            
            NVD: CVE-2019-3727

REFERENCES
url:http://www.securityfocus.com/bid/108411
Trust: 2.3
url:https://www.dell.com/support/security/us/en/04/details/533842/dsa-2019-078-dell-emc-recoverpoint-os-command-injection-vulnerability
Trust: 2.0
url:https://nvd.nist.gov/vuln/detail/cve-2019-3727
Trust: 1.4
url:http://dell.com
Trust: 0.9
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3727
Trust: 0.8
sources:
            
            
            VULHUB: VHN-155162 // 
            
            
            
            BID: 108411 // 
            
            
            
            JVNDB: JVNDB-2019-004538 // 
            
            
            
            CNNVD: CNNVD-201905-636 // 
            
            
            
            NVD: CVE-2019-3727

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 108411

SOURCES
db:VULHUBid:VHN-155162
db:BIDid:108411
db:JVNDBid:JVNDB-2019-004538
db:CNNVDid:CNNVD-201905-636
db:NVDid:CVE-2019-3727

LAST UPDATE DATE
2024-11-23T22:55:33.419000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-155162date:2019-05-22T00:00:00
db:BIDid:108411date:2019-05-14T00:00:00
db:JVNDBid:JVNDB-2019-004538date:2019-06-04T00:00:00
db:CNNVDid:CNNVD-201905-636date:2019-05-23T00:00:00
db:NVDid:CVE-2019-3727date:2024-11-21T04:42:24.920

SOURCES RELEASE DATE
db:VULHUBid:VHN-155162date:2019-05-15T00:00:00
db:BIDid:108411date:2019-05-14T00:00:00
db:JVNDBid:JVNDB-2019-004538date:2019-06-04T00:00:00
db:CNNVDid:CNNVD-201905-636date:2019-05-15T00:00:00
db:NVDid:CVE-2019-3727date:2019-05-15T16:29:00.847