CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
Confidence
High
EPSS
Percentile
44.3%
EMC Avamar Client before 6.1.101-89 does not verify that the server hostname matches a domain name in the subject’s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Vendor | Product | Version | CPE |
---|---|---|---|
emc | avamar | * | cpe:2.3:a:emc:avamar:*:*:*:*:*:*:*:* |
emc | avamar | 4.0 | cpe:2.3:a:emc:avamar:4.0:*:*:*:*:*:*:* |
emc | avamar | 4.1 | cpe:2.3:a:emc:avamar:4.1:*:*:*:*:*:*:* |
emc | avamar | 5.0 | cpe:2.3:a:emc:avamar:5.0:*:*:*:*:*:*:* |
emc | avamar | 5.0 | cpe:2.3:a:emc:avamar:5.0:sp1:*:*:*:*:*:* |
emc | avamar | 5.0 | cpe:2.3:a:emc:avamar:5.0:sp2:*:*:*:*:*:* |
emc | avamar | 5.0.0-407 | cpe:2.3:a:emc:avamar:5.0.0-407:*:*:*:*:*:*:* |
emc | avamar | 5.0.4-26 | cpe:2.3:a:emc:avamar:5.0.4-26:*:*:*:*:*:*:* |
emc | avamar | 6.0 | cpe:2.3:a:emc:avamar:6.0:*:*:*:*:*:*:* |