Lucene search

DellCVE-2018-11066

HistoryNov 26, 2018 - 8:29 p.m.

CVE-2018-11066

2018-11-2620:29:00

dell

web.nvd.nist.gov

dell

emc

avamar

client manager

remote code execution

vulnerability

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.017

Percentile

87.9%

JSON

Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain a Remote Code Execution vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary commands on the server.

Affected configurations

Nvd

Vulners

Node

dellemc_avamarMatch7.2.0

dellemc_avamarMatch7.2.1

dellemc_avamarMatch7.3.0

dellemc_avamarMatch7.3.1

dellemc_avamarMatch7.4.0

dellemc_avamarMatch7.4.1

dellemc_avamarMatch7.5.0

dellemc_avamarMatch7.5.1

dellemc_avamarMatch18.1

dellemc_integrated_data_protection_applianceMatch2.0

dellemc_integrated_data_protection_applianceMatch2.1

dellemc_integrated_data_protection_applianceMatch2.2

Node

vmwarevsphere_data_protectionMatch6.0.0

vmwarevsphere_data_protectionMatch6.0.1

vmwarevsphere_data_protectionMatch6.0.2

vmwarevsphere_data_protectionMatch6.0.3

vmwarevsphere_data_protectionMatch6.0.4

vmwarevsphere_data_protectionMatch6.0.5

vmwarevsphere_data_protectionMatch6.0.6

vmwarevsphere_data_protectionMatch6.0.7

vmwarevsphere_data_protectionMatch6.0.8

vmwarevsphere_data_protectionMatch6.1.0

vmwarevsphere_data_protectionMatch6.1.1

vmwarevsphere_data_protectionMatch6.1.2

vmwarevsphere_data_protectionMatch6.1.3

vmwarevsphere_data_protectionMatch6.1.4

vmwarevsphere_data_protectionMatch6.1.5

vmwarevsphere_data_protectionMatch6.1.6

vmwarevsphere_data_protectionMatch6.1.7

vmwarevsphere_data_protectionMatch6.1.8

vmwarevsphere_data_protectionMatch6.1.9

VendorProductVersionCPE
dellemc_avamar7.2.0cpe:2.3:a:dell:emc_avamar:7.2.0:*:*:*:*:*:*:*
dellemc_avamar7.2.1cpe:2.3:a:dell:emc_avamar:7.2.1:*:*:*:*:*:*:*
dellemc_avamar7.3.0cpe:2.3:a:dell:emc_avamar:7.3.0:*:*:*:*:*:*:*
dellemc_avamar7.3.1cpe:2.3:a:dell:emc_avamar:7.3.1:*:*:*:*:*:*:*
dellemc_avamar7.4.0cpe:2.3:a:dell:emc_avamar:7.4.0:*:*:*:*:*:*:*
dellemc_avamar7.4.1cpe:2.3:a:dell:emc_avamar:7.4.1:*:*:*:*:*:*:*
dellemc_avamar7.5.0cpe:2.3:a:dell:emc_avamar:7.5.0:*:*:*:*:*:*:*
dellemc_avamar7.5.1cpe:2.3:a:dell:emc_avamar:7.5.1:*:*:*:*:*:*:*
dellemc_avamar18.1cpe:2.3:a:dell:emc_avamar:18.1:*:*:*:*:*:*:*
dellemc_integrated_data_protection_appliance2.0cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dell	emc_avamar	7.2.0	cpe:2.3:a:dell:emc_avamar:7.2.0:::::::*
dell	emc_avamar	7.2.1	cpe:2.3:a:dell:emc_avamar:7.2.1:::::::*
dell	emc_avamar	7.3.0	cpe:2.3:a:dell:emc_avamar:7.3.0:::::::*
dell	emc_avamar	7.3.1	cpe:2.3:a:dell:emc_avamar:7.3.1:::::::*
dell	emc_avamar	7.4.0	cpe:2.3:a:dell:emc_avamar:7.4.0:::::::*
dell	emc_avamar	7.4.1	cpe:2.3:a:dell:emc_avamar:7.4.1:::::::*
dell	emc_avamar	7.5.0	cpe:2.3:a:dell:emc_avamar:7.5.0:::::::*
dell	emc_avamar	7.5.1	cpe:2.3:a:dell:emc_avamar:7.5.1:::::::*
dell	emc_avamar	18.1	cpe:2.3:a:dell:emc_avamar:18.1:::::::*
dell	emc_integrated_data_protection_appliance	2.0	cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.0:::::::*

Rows per page:

1-10 of 311

CNA Affected

[
  {
    "product": "Avamar",
    "vendor": "Dell EMC",
    "versions": [
      {
        "status": "affected",
        "version": "7.2.0"
      },
      {
        "status": "affected",
        "version": "7.2.1"
      },
      {
        "status": "affected",
        "version": "7.3.0"
      },
      {
        "status": "affected",
        "version": "7.3.1"
      },
      {
        "status": "affected",
        "version": "7.4.0"
      },
      {
        "status": "affected",
        "version": "7.4.1"
      },
      {
        "status": "affected",
        "version": "7.5.0"
      },
      {
        "status": "affected",
        "version": "7.5.1"
      },
      {
        "status": "affected",
        "version": "18.1"
      }
    ]
  },
  {
    "product": "Integrated Data Protection Appliance",
    "vendor": "Dell EMC",
    "versions": [
      {
        "status": "affected",
        "version": "2.0"
      },
      {
        "status": "affected",
        "version": "2.1"
      },
      {
        "status": "affected",
        "version": "2.2"
      }
    ]
  }
]

References

www.securityfocus.com/bid/105968

www.securitytracker.com/id/1042153

seclists.org/fulldisclosure/2018/Nov/49

www.vmware.com/security/advisories/VMSA-2018-0029.html

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.017

Percentile

87.9%

JSON

Related for CVE-2018-11066