← back
CVE-2018-11077

Dell EMC Avamar and Integrated Data Protection Appliance Command Injection Vulnerability

EPSS 1.0%
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 1.0%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
26 Nov 2018Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially be able to execute arbitrary commands under root privilege.
Affected products
Dell EMC · AvamarDell EMC · Integrated Data Protection Appliance

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://seclists.org/fulldisclosure/2018/Nov/51https://www.vmware.com/security/advisories/VMSA-2018-0029.htmlhttp://www.securityfocus.com/bid/105971http://www.securitytracker.com/id/1042153