First published: Mon Nov 26 2018
The 'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially be able to execute arbitrary commands with root privileges.
Credit: security_alert@emc.com
Affected Software | Affected Version | How to fix |
---|---|---|
Dell EMC Avamar | =7.2.0 | |
Dell EMC Avamar | =7.2.1 | |
Dell EMC Avamar | =7.3.0 | |
Dell EMC Avamar | =7.3.1 | |
Dell EMC Avamar | =7.4.0 | |
Dell EMC Avamar | =7.4.1 | |
Dell EMC Avamar | =7.5.0 | |
Dell EMC Avamar | =7.5.1 | |
Dell EMC Avamar | =18.1 | |
Dell EMC Integrated Data Protection Appliance | =2.0 | |
Dell EMC Integrated Data Protection Appliance | =2.1 | |
Dell EMC Integrated Data Protection Appliance | =2.2 | |
VMware vSphere Data Protection | =6.0.0 | |
VMware vSphere Data Protection | =6.0.1 | |
VMware vSphere Data Protection | =6.0.2 | |
VMware vSphere Data Protection | =6.0.3 | |
VMware vSphere Data Protection | =6.0.4 | |
VMware vSphere Data Protection | =6.0.5 | |
VMware vSphere Data Protection | =6.0.6 | |
VMware vSphere Data Protection | =6.0.7 | |
VMware vSphere Data Protection | =6.0.8 | |
VMware vSphere Data Protection | =6.1.0 | |
VMware vSphere Data Protection | =6.1.1 | |
VMware vSphere Data Protection | =6.1.2 | |
VMware vSphere Data Protection | =6.1.3 | |
VMware vSphere Data Protection | =6.1.4 | |
VMware vSphere Data Protection | =6.1.5 | |
VMware vSphere Data Protection | =6.1.6 | |
VMware vSphere Data Protection | =6.1.7 | |
VMware vSphere Data Protection | =6.1.8 | |
VMware vSphere Data Protection | =6.1.9 | |
The CVE ID of this vulnerability is CVE-2018-11077.
The affected software versions are Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, and 2.2.
The severity rating of this vulnerability is high with a CVSS score of 6.7.
There is no specific CVE ID for the fix, but the issue is addressed in the affected software versions.
You can find more information about this vulnerability on the following websites: SecurityFocus (http://www.securityfocus.com/bid/105971), SecurityTracker (http://www.securitytracker.com/id/1042153), and Full Disclosure mailing list (https://seclists.org/fulldisclosure/2018/Nov/51).