CVE-2018-11077

Опубликовано: 26 нояб. 2018

Источник: nvd

CVSS3: 6.7

CVSS2: 7.2

EPSS Низкий

Описание

'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially be able to execute arbitrary commands under root privilege.

Ссылки

http://www.securityfocus.com/bid/105971
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1042153
Third Party Advisory
VDB Entry
https://seclists.org/fulldisclosure/2018/Nov/51
Mailing List
Third Party Advisory
https://www.vmware.com/security/advisories/VMSA-2018-0029.html
Patch
Third Party Advisory
http://www.securityfocus.com/bid/105971
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1042153
Third Party Advisory
VDB Entry
https://seclists.org/fulldisclosure/2018/Nov/51
Mailing List
Third Party Advisory
https://www.vmware.com/security/advisories/VMSA-2018-0029.html
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:dell:emc_avamar:7.2.0:*:*:*:*:*:*:*

cpe:2.3:a:dell:emc_avamar:7.2.1:*:*:*:*:*:*:*

cpe:2.3:a:dell:emc_avamar:7.3.0:*:*:*:*:*:*:*

cpe:2.3:a:dell:emc_avamar:7.3.1:*:*:*:*:*:*:*

cpe:2.3:a:dell:emc_avamar:7.4.0:*:*:*:*:*:*:*

cpe:2.3:a:dell:emc_avamar:7.4.1:*:*:*:*:*:*:*

cpe:2.3:a:dell:emc_avamar:7.5.0:*:*:*:*:*:*:*

cpe:2.3:a:dell:emc_avamar:7.5.1:*:*:*:*:*:*:*

cpe:2.3:a:dell:emc_avamar:18.1:*:*:*:*:*:*:*

cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.0:*:*:*:*:*:*:*

cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.1:*:*:*:*:*:*:*

cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.2:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:a:vmware:vsphere_data_protection:6.0.0:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vsphere_data_protection:6.0.1:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vsphere_data_protection:6.0.2:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vsphere_data_protection:6.0.3:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vsphere_data_protection:6.0.4:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vsphere_data_protection:6.0.5:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vsphere_data_protection:6.0.6:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vsphere_data_protection:6.0.7:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vsphere_data_protection:6.0.8:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vsphere_data_protection:6.1.0:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vsphere_data_protection:6.1.1:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vsphere_data_protection:6.1.2:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vsphere_data_protection:6.1.3:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vsphere_data_protection:6.1.4:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vsphere_data_protection:6.1.5:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vsphere_data_protection:6.1.6:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vsphere_data_protection:6.1.7:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vsphere_data_protection:6.1.8:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vsphere_data_protection:6.1.9:*:*:*:*:*:*:*

EPSS

Процентиль: 58%

0.00367

Низкий

6.7 Medium

CVSS3

7.2 High

CVSS2

Дефекты

CWE-78

Связанные уязвимости

GHSA-53fw-rm7m-jqgv

CVSS3: 6.7

github

больше 3 лет назад

BDU:2019-02390

CVSS3: 5.3

fstec

около 7 лет назад

Уязвимость системы резервного копирования Dell EMC Avamar Server и системы комплексной защиты данных DELL EMC Integrated Data Protection, связанная с отсутствием защиты служебных данных, позволяющая нарушителю раскрыть приватный ключ SSL/TLS-соединений