Lucene search

[email protected]CVE-2017-15548

HistoryJan 05, 2018 - 5:29 p.m.

CVE-2017-15548

2018-01-0517:29:00

CWE-287

[email protected]

web.nvd.nist.gov

emc

avamar

networker

virtual edition

nve

integrated data protection

appliance

cve-2017-15548

vulnerability

unauthorized access

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

79.0%

JSON

An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote unauthenticated malicious user can potentially bypass application authentication and gain unauthorized root access to the affected systems.

Affected configurations

NVD

Node

emcavamar_serverMatch7.1-21sp2

emcavamar_serverMatch7.1-145sp1

emcavamar_serverMatch7.1-302

emcavamar_serverMatch7.1-370

emcavamar_serverMatch7.2-32sp1

emcavamar_serverMatch7.2-309

emcavamar_serverMatch7.2-401

emcavamar_serverMatch7.3-125sp1

emcavamar_serverMatch7.3-211

emcavamar_serverMatch7.3-226

emcavamar_serverMatch7.3-233

emcavamar_serverMatch7.4-58sp1

emcavamar_serverMatch7.4-242

emcavamar_serverMatch7.5-183

emcintegrated_data_protection_applianceMatch2.0

emcnetworkerMatch9.0virtual

emcnetworkerMatch9.1virtual

emcnetworkerMatch9.2virtual

CPENameOperatorVersion
emc:avamar_serveremc avamar servereq7.1-21
emc:avamar_serveremc avamar servereq7.1-145
emc:avamar_serveremc avamar servereq7.1-302
emc:avamar_serveremc avamar servereq7.1-370
emc:avamar_serveremc avamar servereq7.2-32
emc:avamar_serveremc avamar servereq7.2-309
emc:avamar_serveremc avamar servereq7.2-401
emc:avamar_serveremc avamar servereq7.3-125
emc:avamar_serveremc avamar servereq7.3-211
emc:avamar_serveremc avamar servereq7.3-226

CPE	Name	Operator	Version
emc:avamar_server	emc avamar server	eq	7.1-21
emc:avamar_server	emc avamar server	eq	7.1-145
emc:avamar_server	emc avamar server	eq	7.1-302
emc:avamar_server	emc avamar server	eq	7.1-370
emc:avamar_server	emc avamar server	eq	7.2-32
emc:avamar_server	emc avamar server	eq	7.2-309
emc:avamar_server	emc avamar server	eq	7.2-401
emc:avamar_server	emc avamar server	eq	7.3-125
emc:avamar_server	emc avamar server	eq	7.3-211
emc:avamar_server	emc avamar server	eq	7.3-226

Rows per page:

1-10 of 181

CNA Affected

[
  {
    "product": "EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0, EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x, EMC Integrated Data Protection Appliance 2.0",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0, EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x, EMC Integrated Data Protection Appliance 2.0"
      }
    ]
  }
]

References

seclists.org/fulldisclosure/2018/Jan/17

www.securityfocus.com/bid/102352

www.securitytracker.com/id/1040070

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

79.0%

JSON

Related for CVE-2017-15548

prion1 cvelist1 nvd1 threatpost1 nessus1 vmware1