What is CVE-2017-15548?

CVE-2017-15548 is a vulnerability in EMC Avamar Server, EMC NetWorker Virtual Edition (NVE), and EMC Integrated Data Protection Appliance that allows a remote unauthenticated attacker to bypass authentication and gain unauthorized access.

What is the severity of CVE-2017-15548?

The severity of CVE-2017-15548 is critical with a CVSS score of 9.8 out of 10.

Which versions of EMC Avamar Server are affected by CVE-2017-15548?

EMC Avamar Server versions 7.1.x, 7.2.x, 7.3.x, 7.4.x, and 7.5.0 are all affected by CVE-2017-15548.

Which versions of EMC NetWorker Virtual Edition are affected by CVE-2017-15548?

EMC NetWorker Virtual Edition versions 9.0.x, 9.1.x, and 9.2.x are affected by CVE-2017-15548.

Is there a fix available for CVE-2017-15548?

Yes, EMC has released patches and updates to address the vulnerability in affected products. It is recommended to apply the latest security updates to mitigate the risk.

Vulnerability/
CVE-2017-15548

critical

CWE

287

5/1/2018

18/1/2018

CVE-2017-15548

First published: Fri Jan 05 2018(Updated: )

An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote unauthenticated malicious user can potentially bypass application authentication and gain unauthorized root access to the affected systems.

Credit: security_alert@emc.com

Affected Software	Affected Version	How to fix
EMC Avamar Server	=7.1-21-sp2
EMC Avamar Server	=7.1-145-sp1
EMC Avamar Server	=7.1-302
EMC Avamar Server	=7.1-370
EMC Avamar Server	=7.2-32-sp1
EMC Avamar Server	=7.2-309
EMC Avamar Server	=7.2-401
EMC Avamar Server	=7.3-125-sp1
EMC Avamar Server	=7.3-211
EMC Avamar Server	=7.3-226
EMC Avamar Server	=7.3-233
EMC Avamar Server	=7.4-58-sp1
EMC Avamar Server	=7.4-242
EMC Avamar Server	=7.5-183
EMC Integrated Data Protection Appliance	=2.0
EMC NetWorker	=9.0
EMC NetWorker	=9.1
EMC NetWorker	=9.2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2017-15548?
CVE-2017-15548 is a vulnerability in EMC Avamar Server, EMC NetWorker Virtual Edition (NVE), and EMC Integrated Data Protection Appliance that allows a remote unauthenticated attacker to bypass authentication and gain unauthorized access.
What is the severity of CVE-2017-15548?
The severity of CVE-2017-15548 is critical with a CVSS score of 9.8 out of 10.
Which versions of EMC Avamar Server are affected by CVE-2017-15548?
EMC Avamar Server versions 7.1.x, 7.2.x, 7.3.x, 7.4.x, and 7.5.0 are all affected by CVE-2017-15548.
Which versions of EMC NetWorker Virtual Edition are affected by CVE-2017-15548?
EMC NetWorker Virtual Edition versions 9.0.x, 9.1.x, and 9.2.x are affected by CVE-2017-15548.
Is there a fix available for CVE-2017-15548?
Yes, EMC has released patches and updates to address the vulnerability in affected products. It is recommended to apply the latest security updates to mitigate the risk.

collector/nvd-index
agent/references
agent/weakness
agent/type
agent/event
agent/author
agent/first-publish-date
agent/softwarecombine
agent/last-modified-date
vendor/emc
canonical/emc avamar server
version/emc avamar server/7.1-21-sp2
version/emc avamar server/7.1-145-sp1
version/emc avamar server/7.1-302
version/emc avamar server/7.1-370
version/emc avamar server/7.2-32-sp1
version/emc avamar server/7.2-309
version/emc avamar server/7.2-401
version/emc avamar server/7.3-125-sp1
version/emc avamar server/7.3-211
version/emc avamar server/7.3-226
version/emc avamar server/7.3-233
version/emc avamar server/7.4-58-sp1
version/emc avamar server/7.4-242
version/emc avamar server/7.5-183
canonical/emc integrated data protection appliance
version/emc integrated data protection appliance/2.0
canonical/emc networker
version/emc networker/9.0
version/emc networker/9.1
version/emc networker/9.2