### [CVE-2016-6649](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6649)
![](https://img.shields.io/static/v1?label=Product&message=EMC%20RecoverPoint%20and%20EMC%20RecoverPoint%20for%20Virtual%20Machines%20EMC%20RecoverPoint%20versions%20before%204.4.1.1%20and%20EMC%20RecoverPoint%20for%20Virtual%20Machines%20versions%20before%205.0&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=command%20injection%20vulnerabilities&color=brighgreen)

### Description

EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for Virtual Machines versions before 5.0 are affected by multiple command injection vulnerabilities where a malicious administrator with configuration privileges may bypass the user interface and escalate his privileges to root.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/ARPSyndicate/cvemon