CVE-2018-11077
published 2018-11-26CVE-2018-11077: 'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection…
PriorityP335medium6.7CVSS 3.0
AVLACLPRHUINSUCHIHAH
EPSS
1.00%
58.6th percentile
'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially be able to execute arbitrary commands under root privilege.
Affected
44 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dell | emc_avamar | — | — |
| dell | emc_avamar | — | — |
| dell | emc_avamar | — | — |
| dell | emc_avamar | — | — |
| dell | emc_avamar | — | — |
| dell | emc_avamar | — | — |
| dell | emc_avamar | — | — |
| dell | emc_avamar | — | — |
| dell | emc_avamar | — | — |
| dell | emc_integrated_data_protection_appliance | — | — |
| dell | emc_integrated_data_protection_appliance | — | — |
| dell | emc_integrated_data_protection_appliance | — | — |
| dell_emc | avamar | — | — |
| dell_emc | avamar | — | — |
| dell_emc | avamar | — | — |
| dell_emc | avamar | — | — |
| dell_emc | avamar | — | — |
| dell_emc | avamar | — | — |
| dell_emc | avamar | — | — |
| dell_emc | avamar | — | — |
| dell_emc | avamar | — | — |
| dell_emc | integrated_data_protection_appliance | — | — |
| dell_emc | integrated_data_protection_appliance | — | — |
| dell_emc | integrated_data_protection_appliance | — | — |
| vmware | vmware_vsphere | — | — |
CVSS provenance
nvdv3.06.7MEDIUMCVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.2HIGHAV:L/AC:L/Au:N/C:C/I:C/A:C
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VMware
vSphere Data Protection (VDP) updates address multiple security issues.
vendor_vmware·2018-11-20·CVSS 9.8
CVE-2018-11066 [CRITICAL] vSphere Data Protection (VDP) updates address multiple security issues.
VMSA-2018-0029: vSphere Data Protection (VDP) updates address multiple security issues.
vSphere Data Protection (VDP) updates address multiple security issues. 2. Relevant Products vSphere Data Protection (VDP). VDP is based on Dell EMC Avamar Virtual Edition. 3. Problem Description a. Remote code execution vulnerability. VDP contains a remote code execution vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary commands on the server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2018-11066 to this issue. Column 5 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Product Version Running on
GHSA
GHSA-53fw-rm7m-jqgv: 'getlogs' utility in Dell EMC Avamar Server versions 7
ghsa_unreviewed·2022-05-14
CVE-2018-11077 [HIGH] CWE-78 GHSA-53fw-rm7m-jqgv: 'getlogs' utility in Dell EMC Avamar Server versions 7
'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially be able to execute arbitrary commands under root privilege.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://www.securityfocus.com/bid/105971http://www.securitytracker.com/id/1042153https://seclists.org/fulldisclosure/2018/Nov/51https://www.vmware.com/security/advisories/VMSA-2018-0029.htmlhttp://www.securityfocus.com/bid/105971http://www.securitytracker.com/id/1042153https://seclists.org/fulldisclosure/2018/Nov/51https://www.vmware.com/security/advisories/VMSA-2018-0029.html
2018-11-26
Published