CVE-2018-11077

Published Nov 26, 2018

Last updated 4 days ago

CVSS medium 6.7

Overview

Description: 'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially be able to execute arbitrary commands under root privilege.
Source: security_alert@emc.com
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 6.7
Impact score: 5.9
Exploitability score: 0.8
Vector string: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 7.2
Impact score: 10
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-78

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:dell:emc_avamar:7.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4D9FD281-DB86-4D2D-BC19-CE2453709121"
          },
          {
            "criteria": "cpe:2.3:a:dell:emc_avamar:7.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AA20E0E8-6812-4416-93AA-E59B693FCFC6"
          },
          {
            "criteria": "cpe:2.3:a:dell:emc_avamar:7.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "066595A8-C9EC-4ED3-AE76-A778F226B61E"
          },
          {
            "criteria": "cpe:2.3:a:dell:emc_avamar:7.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DBA338A4-140B-4C5E-9D58-C17163EBE629"
          },
          {
            "criteria": "cpe:2.3:a:dell:emc_avamar:7.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "490F94D4-CD84-418F-BCF3-A5FF2F98BEAA"
          },
          {
            "criteria": "cpe:2.3:a:dell:emc_avamar:7.4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "81FAAFDD-6A1B-44DE-92CB-B60D24397FED"
          },
          {
            "criteria": "cpe:2.3:a:dell:emc_avamar:7.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8EA6C66A-CD8D-4829-891D-64FF533F3780"
          },
          {
            "criteria": "cpe:2.3:a:dell:emc_avamar:7.5.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3B634FEE-123C-413B-8D06-7D9E4AE0995B"
          },
          {
            "criteria": "cpe:2.3:a:dell:emc_avamar:18.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9022A46B-7D49-492A-8DC4-CBA9C2001497"
          },
          {
            "criteria": "cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8C4D195D-C047-42E9-9885-0464642EC6EC"
          },
          {
            "criteria": "cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "76D6282D-ABA7-4972-8E13-2A625F13CF53"
          },
          {
            "criteria": "cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "06E2AD30-A9F5-453C-BC38-2A35DD39FA85"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FBA48F5F-3B72-427E-9C9A-E5C3EC03A5F8"
          },
          {
            "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5AF32F55-AE25-4F52-B043-1C2623344F1A"
          },
          {
            "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B8FEBFF6-CEF2-4A8E-BA29-3F383D6DF436"
          },
          {
            "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BEC123DA-FBC3-4075-B4C0-A5295A6965A1"
          },
          {
            "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4D8E9053-F846-48A5-93D7-35D0665D4038"
          },
          {
            "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "561D7F05-3074-44E8-A9C9-11CF1B8FFF49"
          },
          {
            "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BF81991D-6B69-4849-86B3-3A35CCB4B4E5"
          },
          {
            "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F9DE2E06-EAF2-401B-A775-44EF23D17691"
          },
          {
            "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "12DE5F53-7FEC-4EF0-9841-C8493AE25E0B"
          },
          {
            "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0D7E39A9-BE37-4848-BAD2-7F97D04F0D7C"
          },
          {
            "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7A908399-8C17-46B6-B554-77F588C2BF42"
          },
          {
            "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FC8AFC55-915D-46AC-80DA-E100F4CFFD64"
          },
          {
            "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E2B9A334-69EB-4E88-A446-18A1B0C669B2"
          },
          {
            "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0D94A218-4CA0-46EA-BA44-24E90037222D"
          },
          {
            "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AC527586-5680-4626-95D4-28EF84439DDA"
          },
          {
            "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F1476A3A-9BD3-4DF5-8290-CC32AFFA122C"
          },
          {
            "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0F946694-A52E-46C9-A4C7-663B5EE01138"
          },
          {
            "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D006B093-4DEB-4911-995C-744B3189D46D"
          },
          {
            "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "664DCBF4-0C41-4B68-B983-4E16933BA269"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References