CVE-2018-11076
published 2018-11-26
CVE-2018-11076: Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an…
Priority P429 · medium · 6.5 (CVSS 3.0)
AV:A / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:N
EPSS 0.83% (53.1th percentile)
Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Avamar Java management console's SSL/TLS private key may be leaked in the Avamar Java management client package. The private key could potentially be used by an unauthenticated attacker on the same data-link layer to initiate a MITM attack on management console users.
Affected
34 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dell | emc_avamar | — | — |
| dell | emc_avamar | — | — |
| dell | emc_avamar | — | — |
| dell | emc_avamar | — | — |
| dell | emc_avamar | — | — |
| dell | emc_avamar | — | — |
| dell | emc_integrated_data_protection_appliance | — | — |
| dell_emc | avamar | — | — |
| dell_emc | avamar | — | — |
| dell_emc | avamar | — | — |
| dell_emc | avamar | — | — |
| dell_emc | avamar | — | — |
| dell_emc | avamar | — | — |
| dell_emc | integrated_data_protection_appliance | — | — |
| vmware | vmware_vsphere | — | — |
| vmware | vsphere_data_protection | — | — |
| vmware | vsphere_data_protection | — | — |
| vmware | vsphere_data_protection | — | — |
| vmware | vsphere_data_protection | — | — |
| vmware | vsphere_data_protection | — | — |
| vmware | vsphere_data_protection | — | — |
| vmware | vsphere_data_protection | — | — |
| vmware | vsphere_data_protection | — | — |
| vmware | vsphere_data_protection | — | — |
| vmware | vsphere_data_protection | — | — |
CVSS provenance
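| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 6.5 | MEDIUM | CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 3.3 | LOW | AV:A/AC:L/Au:N/C:P/I:N/A:N |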
GHSA
GHSA-r38w-pm6x-hp8r: Dell EMC Avamar Server versions 7
ghsa_unreviewed · 2022-05-13
CVE-2018-11076 [MEDIUM] GHSA-r38w-pm6x-hp8r: Dell EMC Avamar Server versions 7
VMware
vSphere Data Protection (VDP) updates address multiple security issues.
vendor_vmware · 2018-11-20 · CVSS 9.8
CVE-2018-11066 [CRITICAL] vSphere Data Protection (VDP) updates address multiple security issues.
VMSA-2018-0029: vSphere Data Protection (VDP) updates address multiple security issues.
vSphere Data Protection (VDP) updates address multiple security issues.
2. Relevant Products
vSphere Data Protection (VDP). VDP is based on Dell EMC Avamar Virtual Edition.
3. Problem Description
a. Remote code execution vulnerability.
VDP contains a remote code execution vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary commands on the server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2018-11066 to this issue.
Column 5 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.
VMware Product Product Version Running on
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://www.securityfocus.com/bid/105972
http://www.securitytracker.com/id/1042153
https://seclists.org/fulldisclosure/2018/Nov/50
https://www.vmware.com/security/advisories/VMSA-2018-0029.html