Vulnerabilities in Dell EMC’s Disaster Recovery System
Target: Dell EMC’s Disaster Recovery System
Attack Vector: Remote code execution flaw, administrative menu arbitrary file read & LDAP credentials in Tomcat log
Summary: Penetration testers from Foregenix Ltd have released details of six new vulnerabilities in Dell EMC RecoverPoint devices. The devices provide continuous data protection (CDP), tracking changes and subsequently recording them to allow for faster and easier recovery of data following any corruption. One of the flaws detected is a critical remote code execution flaw that allows total command of the target machine. The vulnerabilities affect all Dell EMC RecoverPoint software prior to 5.1.2 and RecoverPoint for Virtual Machines prior to 220.127.116.11. Three of the vulnerabilities have been patched, and on 21 May an advisory notice, available only to registered customers, offered instructions on how to mitigate the three remaining unpatched vulnerabilities. It is also noted that the CVEs for these have either not been issued or have been revoked.
Risk assessment summary: This threat is assessed as a 3d MODERATE. Whilst the most critical flaw has been patched, a further three identified vulnerabilities remain unpatched at this time and could be actively exploited. This is likely to stay high until further patches are rolled out to cover the remaining vulnerabilities. Any unpatched devices would be vulnerable to the critical remote access flaw, which allows threat actors to gain complete control over a targeted machine. This could lead to data and credential harvesting and lateral movement within an organisation.