What is the severity of CVE-2018-1217?

The severity of CVE-2018-1217 is critical with a CVSS score of 9.8.

What is the recommended fix for CVE-2018-1217?

To fix CVE-2018-1217, it is recommended to apply the necessary patches and updates provided by Dell EMC.

Where can I find more information about CVE-2018-1217?

You can find more information about CVE-2018-1217 on the following references: [link1], [link2], [link3].

Vulnerability/
CVE-2018-1217

critical

9.8

CWE

862

5/4/2018

5/8/2024

CVE-2018-1217

First published: Thu Apr 05 2018(Updated: )

Avamar Installation Manager in Dell EMC Avamar Server 7.3.1, 7.4.1, and 7.5.0, and Dell EMC Integrated Data Protection Appliance 2.0 and 2.1, is affected by a missing access control check vulnerability which could potentially allow a remote unauthenticated attacker to read or change the Local Download Service (LDLS) credentials. The LDLS credentials are used to connect to Dell EMC Online Support. If the LDLS configuration was changed to an invalid configuration, then Avamar Installation Manager may not be able to connect to Dell EMC Online Support web site successfully. The remote unauthenticated attacker can also read and use the credentials to login to Dell EMC Online Support, impersonating the AVI service actions using those credentials.

Credit: security_alert@emc.com

Affected Software	Affected Version	How to fix
Dell EMC Avamar	=7.3.1
Dell EMC Avamar	=7.4.1
Dell EMC Avamar	=7.5.0
Dell EMC Integrated Data Protection Appliance	=2.0
Dell EMC Integrated Data Protection Appliance	=2.1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2018-1217?
CVE-2018-1217 is a vulnerability in Avamar Installation Manager in Dell EMC Avamar Server 7.3.1, 7.4.1, and 7.5.0, and Dell EMC Integrated Data Protection Appliance 2.0 and 2.1.
What is the severity of CVE-2018-1217?
The severity of CVE-2018-1217 is critical with a CVSS score of 9.8.
How does CVE-2018-1217 affect Dell EMC Avamar Server and Integrated Data Protection Appliance?
CVE-2018-1217 affects Dell EMC Avamar Server 7.3.1, 7.4.1, and 7.5.0, and Dell EMC Integrated Data Protection Appliance 2.0 and 2.1.
What is the recommended fix for CVE-2018-1217?
To fix CVE-2018-1217, it is recommended to apply the necessary patches and updates provided by Dell EMC.
Where can I find more information about CVE-2018-1217?
You can find more information about CVE-2018-1217 on the following references: [link1], [link2], [link3].

collector/nvd-index
agent/weakness
agent/severity
agent/author
agent/references
agent/type
agent/event
agent/description
agent/last-modified-date
agent/first-publish-date
agent/softwarecombine
agent/tags
collector/mitre-cve
source/MITRE
vendor/dell
canonical/dell emc avamar
version/dell emc avamar/7.3.1
version/dell emc avamar/7.4.1
version/dell emc avamar/7.5.0
canonical/dell emc integrated data protection appliance
version/dell emc integrated data protection appliance/2.0
version/dell emc integrated data protection appliance/2.1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.