Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9
CVSSv2

CVE-2017-15549

Published: 05/01/2018 Updated: 18/01/2018
CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 801
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Subscribe to Avamar Server

Vulnerability Summary

An issue exists in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could potentially upload arbitrary maliciously crafted files in any location on the server file system.

Vulnerable Product Search on Vulmon Subscribe to Product

emc avamar server 7.3-125

emc avamar server 7.2-309

emc avamar server 7.2-401

emc avamar server 7.2-32

emc avamar server 7.1-302

emc networker 9.2

emc avamar server 7.4-58

emc avamar server 7.3-226

emc avamar server 7.1-370

emc avamar server 7.1-21

emc networker 9.1

emc networker 9.0

emc avamar server 7.5-183

emc avamar server 7.4-242

emc integrated data protection appliance 2.0

emc avamar server 7.3-211

emc avamar server 7.3-233

emc avamar server 7.1-145

Recent Articles

Dell EMC patches 3 zero-days in Data Protection Suite
The Register • Chris Mellor • 05 Jan 2018

Could combine to 'fully compromise' virtual appliance, researchers warn

Three vulns in Dell EMC’s Data Protection Suite product that can combine to fully compromise a virtual appliance have been patched by the vendor. Security consultancy Digital Defense Inc, which sniffed them out, said Dell EMC Avamar Server, NetWorker Virtual Edition and the Integrated Data Protection Appliance had a common component in Avamar Installation Manager (AVI). It's AVI that is affected by the three bugs. Digital Defense said the three vulnerabilities included: The researchers said th...

Read more...
Attention, vSphere VDP backup admins: There is a little remote root hole you need to patch...
The Register • Thomas Claburn in San Francisco • 03 Jan 2018

And two other security bugs

VMware on Tuesday published a security advisory for its vSphere Data Protection (VDP) backup and recovery product. The virtualization giant identified three vulnerabilities, one of which it deems critical, with the two others categorized as important. The issues affect VDP 5.x, 6.0.x, and 6.1.x. CVE-2017-15548 is the critical flaw, which the biz described as a remote authentication bypass. If exploited, it could allow a remote unauthenticated attacker to bypass authentication protections, and ga...

Read more...

References

CWE-434http://seclists.org/fulldisclosure/2018/Jan/17http://www.securitytracker.com/id/1040070http://www.securityfocus.com/bid/102363https://nvd.nist.govhttps://www.theregister.co.uk/2018/01/05/dell_data_protection_suite_patched/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581reflected XSSCVE-2024-26925CVE-2024-27956LFICVE-2024-3607CVE-2024-3107CVE-2024-3295SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook