CVE-2020-5341: Deserialization of Untrusted Data in Dell Avamar Virtual Edition

Severity: 9.8 CRITICAL (NVD)
EPSS: 12.7% (top 5.99%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 28; Latest update May 24

Description

Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2, 19.1 and 19.2 and Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 and 2.4.1 contain a Deserialization of Untrusted Data Vulnerability. A remote unauthenticated attacker could exploit this vulnerability to send a serialized payload that would execute code on the system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (3 packages)

NVD: dell/emc_avamar_server, 7 versions (+6)
CVEListV5: dell/avamar_virtual_edition, unspecified, Avamar 7.5 Virtual Edition for VMware vSphere only

Patches

Vulnerability Details (2)

GHSA: GHSA-wqh9-gr2m-8m6v: Deserialization of Untrusted Data Vulnerability Dell EMC Avamar Server versions 7, 2022-05-24
CVEList: CVE-2020-5341: Deserialization of Untrusted Data Vulnerability Dell EMC Avamar Server versions 7, 2021-07-28