CVE-2019-3727 MEDIUM

CVE-2019-3727: OS command injection vulnerability

Vendor Dell Emc
Product RecoverPoint
Published May 15, 2019
Last update September 17, 2024

CVSS base score

6.4/10
Attack vector Local
Attack complexity High
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Dell EMC RecoverPoint versions prior to 5.1.3 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an OS command injection vulnerability in the installation feature of Boxmgmt CLI. A malicious boxmgmt user may potentially be able to execute arbitrary commands as root.

Key dates

02Disclosure timeline

May 15, 2019 CVE published
September 17, 2024 Record updated