CVE-2018-11076

Опубликовано: 26 нояб. 2018

Источник: nvd

CVSS3: 6.5

CVSS2: 3.3

EPSS Низкий

Описание

Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Avamar Java management console's SSL/TLS private key may be leaked in the Avamar Java management client package. The private key could potentially be used by an unauthenticated attacker on the same data-link layer to initiate a MITM attack on management console users.

Ссылки

http://www.securityfocus.com/bid/105972
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1042153
Third Party Advisory
VDB Entry
https://seclists.org/fulldisclosure/2018/Nov/50
Mailing List
Third Party Advisory
https://www.vmware.com/security/advisories/VMSA-2018-0029.html
Patch
Third Party Advisory
http://www.securityfocus.com/bid/105972
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1042153
Third Party Advisory
VDB Entry
https://seclists.org/fulldisclosure/2018/Nov/50
Mailing List
Third Party Advisory
https://www.vmware.com/security/advisories/VMSA-2018-0029.html
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:dell:emc_avamar:7.2.0:*:*:*:*:*:*:*

cpe:2.3:a:dell:emc_avamar:7.2.1:*:*:*:*:*:*:*

cpe:2.3:a:dell:emc_avamar:7.3.0:*:*:*:*:*:*:*

cpe:2.3:a:dell:emc_avamar:7.3.1:*:*:*:*:*:*:*

cpe:2.3:a:dell:emc_avamar:7.4.0:*:*:*:*:*:*:*

cpe:2.3:a:dell:emc_avamar:7.4.1:*:*:*:*:*:*:*

cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.0:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:a:vmware:vsphere_data_protection:6.0.0:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vsphere_data_protection:6.0.1:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vsphere_data_protection:6.0.2:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vsphere_data_protection:6.0.3:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vsphere_data_protection:6.0.4:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vsphere_data_protection:6.0.5:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vsphere_data_protection:6.0.6:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vsphere_data_protection:6.0.7:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vsphere_data_protection:6.0.8:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vsphere_data_protection:6.1.0:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vsphere_data_protection:6.1.1:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vsphere_data_protection:6.1.2:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vsphere_data_protection:6.1.3:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vsphere_data_protection:6.1.4:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vsphere_data_protection:6.1.5:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vsphere_data_protection:6.1.6:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vsphere_data_protection:6.1.7:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vsphere_data_protection:6.1.8:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vsphere_data_protection:6.1.9:*:*:*:*:*:*:*

EPSS

Процентиль: 59%

0.00386

Низкий

6.5 Medium

CVSS3

3.3 Low

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-r38w-pm6x-hp8r

CVSS3: 6.5

github

больше 3 лет назад

BDU:2019-02391

CVSS3: 9.8

fstec

около 7 лет назад

Уязвимость системы резервного копирования Dell EMC Avamar Server и системы комплексной защиты данных DELL EMC Integrated Data Protection, существующая из-за непринятия мер по нейтрализации специальных элементов, используемых в команде операционной системы, позволяющая нарушителю выполнить произвольные команды с привилегиями root