CVE-2018-11077

Summary

'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially be able to execute arbitrary commands under root privilege.

Affected Software

VendorProductVersion RangeStatus
Dell EMCAvamar7.2.0affected
Dell EMCAvamar7.2.1affected
Dell EMCAvamar7.3.0affected
Dell EMCAvamar7.3.1affected
Dell EMCAvamar7.4.0affected
Dell EMCAvamar7.4.1affected
Dell EMCAvamar7.5.0affected
Dell EMCAvamar7.5.1affected
Dell EMCAvamar18.1affected
Dell EMCIntegrated Data Protection Appliance2.0affected
Dell EMCIntegrated Data Protection Appliance2.1affected
Dell EMCIntegrated Data Protection Appliance2.2affected

Weaknesses

  • Command Injection Vulnerability

ADP Enrichment

CVE Program Container

Additional References

References