Lucene search

[email protected]CVE-2018-11077

HistoryNov 26, 2018 - 8:29 p.m.

CVE-2018-11077

2018-11-2620:29:00

CWE-78

[email protected]

web.nvd.nist.gov

dell emc

avamar server

integrated data protection appliance

os command injection

vulnerability

cve-2018-11077

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

8.5 High

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

36.4%

JSON

‘getlogs’ utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially be able to execute arbitrary commands under root privilege.

Affected configurations

NVD

Node

dellemc_avamarMatch7.2.0

dellemc_avamarMatch7.2.1

dellemc_avamarMatch7.3.0

dellemc_avamarMatch7.3.1

dellemc_avamarMatch7.4.0

dellemc_avamarMatch7.4.1

dellemc_avamarMatch7.5.0

dellemc_avamarMatch7.5.1

dellemc_avamarMatch18.1

dellemc_integrated_data_protection_applianceMatch2.0

dellemc_integrated_data_protection_applianceMatch2.1

dellemc_integrated_data_protection_applianceMatch2.2

Node

vmwarevsphere_data_protectionMatch6.0.0

vmwarevsphere_data_protectionMatch6.0.1

vmwarevsphere_data_protectionMatch6.0.2

vmwarevsphere_data_protectionMatch6.0.3

vmwarevsphere_data_protectionMatch6.0.4

vmwarevsphere_data_protectionMatch6.0.5

vmwarevsphere_data_protectionMatch6.0.6

vmwarevsphere_data_protectionMatch6.0.7

vmwarevsphere_data_protectionMatch6.0.8

vmwarevsphere_data_protectionMatch6.1.0

vmwarevsphere_data_protectionMatch6.1.1

vmwarevsphere_data_protectionMatch6.1.2

vmwarevsphere_data_protectionMatch6.1.3

vmwarevsphere_data_protectionMatch6.1.4

vmwarevsphere_data_protectionMatch6.1.5

vmwarevsphere_data_protectionMatch6.1.6

vmwarevsphere_data_protectionMatch6.1.7

vmwarevsphere_data_protectionMatch6.1.8

vmwarevsphere_data_protectionMatch6.1.9

CPENameOperatorVersion
dell:emc_avamardell emc avamareq7.2.0
dell:emc_avamardell emc avamareq7.2.1
dell:emc_avamardell emc avamareq7.3.0
dell:emc_avamardell emc avamareq7.3.1
dell:emc_avamardell emc avamareq7.4.0
dell:emc_avamardell emc avamareq7.4.1
dell:emc_avamardell emc avamareq7.5.0
dell:emc_avamardell emc avamareq7.5.1
dell:emc_avamardell emc avamareq18.1
dell:emc_integrated_data_protection_appliancedell emc integrated data protection applianceeq2.0

CPE	Name	Operator	Version
dell:emc_avamar	dell emc avamar	eq	7.2.0
dell:emc_avamar	dell emc avamar	eq	7.2.1
dell:emc_avamar	dell emc avamar	eq	7.3.0
dell:emc_avamar	dell emc avamar	eq	7.3.1
dell:emc_avamar	dell emc avamar	eq	7.4.0
dell:emc_avamar	dell emc avamar	eq	7.4.1
dell:emc_avamar	dell emc avamar	eq	7.5.0
dell:emc_avamar	dell emc avamar	eq	7.5.1
dell:emc_avamar	dell emc avamar	eq	18.1
dell:emc_integrated_data_protection_appliance	dell emc integrated data protection appliance	eq	2.0

Rows per page:

1-10 of 121

CNA Affected

[
  {
    "product": "Avamar",
    "vendor": "Dell EMC",
    "versions": [
      {
        "status": "affected",
        "version": "7.2.0"
      },
      {
        "status": "affected",
        "version": "7.2.1"
      },
      {
        "status": "affected",
        "version": "7.3.0"
      },
      {
        "status": "affected",
        "version": "7.3.1"
      },
      {
        "status": "affected",
        "version": "7.4.0"
      },
      {
        "status": "affected",
        "version": "7.4.1"
      },
      {
        "status": "affected",
        "version": "7.5.0"
      },
      {
        "status": "affected",
        "version": "7.5.1"
      },
      {
        "status": "affected",
        "version": "18.1"
      }
    ]
  },
  {
    "product": "Integrated Data Protection Appliance ",
    "vendor": "Dell EMC",
    "versions": [
      {
        "status": "affected",
        "version": "2.0"
      },
      {
        "status": "affected",
        "version": "2.1"
      },
      {
        "status": "affected",
        "version": "2.2"
      }
    ]
  }
]

References

www.securityfocus.com/bid/105971

www.securitytracker.com/id/1042153

seclists.org/fulldisclosure/2018/Nov/51

www.vmware.com/security/advisories/VMSA-2018-0029.html

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

8.5 High

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

36.4%

JSON

Related for CVE-2018-11077

cvelist1 prion1 nvd1 vmware1 nessus1