CVE-2018-11066
Published 2018-11-26
Priority P270 · critical · 9.8 (CVSS 3.0)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 9.91% (95.0th percentile)
Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain a Remote Code Execution vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary commands on the server.
Affected
44 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dell | emc_avamar | — | — |
| dell | emc_avamar | — | — |
| dell | emc_avamar | — | — |
| dell | emc_avamar | — | — |
| dell | emc_avamar | — | — |
| dell | emc_avamar | — | — |
| dell | emc_avamar | — | — |
| dell | emc_avamar | — | — |
| dell | emc_avamar | — | — |
| dell | emc_integrated_data_protection_appliance | — | — |
| dell | emc_integrated_data_protection_appliance | — | — |
| dell | emc_integrated_data_protection_appliance | — | — |
| dell_emc | avamar | — | — |
| dell_emc | avamar | — | — |
| dell_emc | avamar | — | — |
| dell_emc | avamar | — | — |
| dell_emc | avamar | — | — |
| dell_emc | avamar | — | — |
| dell_emc | avamar | — | — |
| dell_emc | avamar | — | — |
| dell_emc | avamar | — | — |
| dell_emc | integrated_data_protection_appliance | — | — |
| dell_emc | integrated_data_protection_appliance | — | — |
| dell_emc | integrated_data_protection_appliance | — | — |
| vmware | vmware_vsphere | — | — |
Detection & IOCs (extracted from sources)
- CVE-2018-11066 is a remote code execution vulnerability in Dell EMC Avamar Client Manager (and VDP) exploitable by a remote unauthenticated attacker; monitor for unexpected process execution or command activity originating from the Avamar/VDP server process.
- VDP (vSphere Data Protection) is based on Dell EMC Avamar Virtual Edition and shares the same RCE vulnerability; treat VDP appliances as equally exposed attack surface.
- No mitigation or workaround exists for CVE-2018-11066 in VDP 6.0.x or 6.1.x; patching to 6.1.10 or 6.0.9 respectively is the only remediation, and unpatched instances should be treated as actively exploitable.
- Affected Dell EMC Avamar Server versions are 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, and 18.1; affected IDPA versions are 2.0, 2.1, and 2.2. Scope detection rules to these version ranges.
- CVE-2018-11066 severity is rated Critical for VDP; prioritize detection and patching above co-located vulnerabilities CVE-2018-11067 (Important) and CVE-2018-11076 (Important), which affect the same appliance.
CVSS provenance
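| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |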
GHSA
CVE-2018-11066 [CRITICAL] GHSA-m593-g9cm-c9fm: Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7
ghsa_unreviewed · 2022-05-13
VMware
VMSA-2018-0029: vSphere Data Protection (VDP) updates address multiple security issues.
vendor_vmware · 2018-11-20 · CVSS 9.8 · CVE-2018-11066 [CRITICAL]
2. Relevant Products
vSphere Data Protection (VDP). VDP is based on Dell EMC Avamar Virtual Edition.
3. Problem Description
a. Remote code execution vulnerability.
VDP contains a remote code execution vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary commands on the server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2018-11066 to this issue. Column 5 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.
VMware Product Product Version Running on
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
- http://www.securityfocus.com/bid/105968
- http://www.securitytracker.com/id/1042153
- https://seclists.org/fulldisclosure/2018/Nov/49
- https://www.vmware.com/security/advisories/VMSA-2018-0029.html