Lucene search

DellCVE-2016-0921

HistorySep 21, 2016 - 2:59 a.m.

CVE-2016-0921

2016-09-2102:59:07

CWE-264

dell

web.nvd.nist.gov

cve-2016-0921

avamar data store

avamar virtual edition

emc avamar server

weak permissions

local users

root access

trojan horse program

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

6.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

AI Score

6.8

Confidence

High

EPSS

Percentile

5.1%

JSON

Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 use weak permissions for unspecified directories, which allows local users to obtain root access by replacing a script with a Trojan horse program.

Affected configurations

Nvd

Node

emcavamar_serverRange≤7.3.0

VendorProductVersionCPE
emcavamar_server*cpe:2.3:a:emc:avamar_server:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
emc	avamar_server	*	cpe:2.3:a:emc:avamar_server::::::::

References

seclists.org/bugtraq/2016/Sep/31

www.securityfocus.com/bid/93032

www.securitytracker.com/id/1036844

Social References

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

6.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

AI Score

6.8

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVE-2016-0921