CVE CVE-2019-3727 Mappings

Dell EMC RecoverPoint versions prior to 5.1.3 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an OS command injection vulnerability in the installation feature of Boxmgmt CLI. A malicious boxmgmt user may potentially be able to execute arbitrary commands as root.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
CVE-2019-3727 RecoverPoint primary_impact T1059 Command and Scripting Interpreter
CVE-2019-3727 RecoverPoint secondary_impact T1068 Exploitation for Privilege Escalation