Lucene search
DellCVE-2013-0945HistoryMay 03, 2013 - 11:57 a.m.
CVE-2013-0945
2013-05-0311:57:44
CWE-20
dell
web.nvd.nist.gov
27
emc avamar
ssl
man-in-the-middle attack
cve-2013-0945
nvd
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
6.7
Confidence
High
EPSS
0.001
Percentile
44.3%
EMC Avamar Client before 6.1.101-89 does not verify that the server hostname matches a domain name in the subject’s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Affected configurations
Node
emcavamarRange≤6.1.101-87
ORemcavamarMatch4.0
ORemcavamarMatch4.1
ORemcavamarMatch5.0
ORemcavamarMatch5.0sp1
ORemcavamarMatch5.0sp2
ORemcavamarMatch5.0.0-407
ORemcavamarMatch5.0.4-26
ORemcavamarMatch6.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| emc | avamar | * | cpe:2.3:a:emc:avamar:*:*:*:*:*:*:*:* |
| emc | avamar | 4.0 | cpe:2.3:a:emc:avamar:4.0:*:*:*:*:*:*:* |
| emc | avamar | 4.1 | cpe:2.3:a:emc:avamar:4.1:*:*:*:*:*:*:* |
| emc | avamar | 5.0 | cpe:2.3:a:emc:avamar:5.0:*:*:*:*:*:*:* |
| emc | avamar | 5.0 | cpe:2.3:a:emc:avamar:5.0:sp1:*:*:*:*:*:* |
| emc | avamar | 5.0 | cpe:2.3:a:emc:avamar:5.0:sp2:*:*:*:*:*:* |
| emc | avamar | 5.0.0-407 | cpe:2.3:a:emc:avamar:5.0.0-407:*:*:*:*:*:*:* |
| emc | avamar | 5.0.4-26 | cpe:2.3:a:emc:avamar:5.0.4-26:*:*:*:*:*:*:* |
| emc | avamar | 6.0 | cpe:2.3:a:emc:avamar:6.0:*:*:*:*:*:*:* |
Related
securityvulns
securityvulns
EMC Avamar server / client security vulnerabilities
2013-05-04 00:00:00
prion
prion
Code injection
2013-05-03 11:57:00
nvd
nvd
CVE-2013-0945
2013-05-03 11:57:44
cvelist
cvelist
CVE-2013-0945
2013-05-03 10:00:00
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
6.7
Confidence
High
EPSS
0.001
Percentile
44.3%
Related for CVE-2013-0945