CVE-2018-11077
N/A
N/A
Summary
'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially be able to execute arbitrary commands under root privilege.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Dell EMC | Avamar | 7.2.0 | affected |
| Dell EMC | Avamar | 7.2.1 | affected |
| Dell EMC | Avamar | 7.3.0 | affected |
| Dell EMC | Avamar | 7.3.1 | affected |
| Dell EMC | Avamar | 7.4.0 | affected |
| Dell EMC | Avamar | 7.4.1 | affected |
| Dell EMC | Avamar | 7.5.0 | affected |
| Dell EMC | Avamar | 7.5.1 | affected |
| Dell EMC | Avamar | 18.1 | affected |
| Dell EMC | Integrated Data Protection Appliance | 2.0 | affected |
| Dell EMC | Integrated Data Protection Appliance | 2.1 | affected |
| Dell EMC | Integrated Data Protection Appliance | 2.2 | affected |
Weaknesses
- Command Injection Vulnerability
ADP Enrichment
CVE Program Container
Additional References
- https://www.vmware.com/security/advisories/VMSA-2018-0029.html
- https://seclists.org/fulldisclosure/2018/Nov/51
- http://www.securityfocus.com/bid/105971
- http://www.securitytracker.com/id/1042153
References
- https://www.vmware.com/security/advisories/VMSA-2018-0029.html
- https://seclists.org/fulldisclosure/2018/Nov/51
- http://www.securityfocus.com/bid/105971
- http://www.securitytracker.com/id/1042153
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.