cbcvebase.
CVE-2020-5341
published 2021-07-28

CVE-2020-5341: Deserialization of Untrusted Data Vulnerability Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2, 19.1 and 19.2 and Dell EMC Integrated Data…

PriorityP265critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
4.25%
89.8th percentile
Deserialization of Untrusted Data Vulnerability Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2, 19.1 and 19.2 and Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 and 2.4.1 contain a Deserialization of Untrusted Data Vulnerability. A remote unauthenticated attacker could exploit this vulnerability to send a serialized payload that would execute code on the system.

Affected

14 ranges
VendorProductVersion rangeFixed in
dellavamar_virtual_edition>= unspecified < Avamar 7.5 Virtual Edition for VMware vSphere onlyAvamar 7.5 Virtual Edition for VMware vSphere only
dellemc_avamar_server
dellemc_avamar_server
dellemc_avamar_server
dellemc_avamar_server
dellemc_avamar_server
dellemc_avamar_server
dellemc_avamar_server
dellemc_integrated_data_protection_appliance_firmware
dellemc_integrated_data_protection_appliance_firmware
dellemc_integrated_data_protection_appliance_firmware
dellemc_integrated_data_protection_appliance_firmware
dellemc_integrated_data_protection_appliance_firmware
dellemc_integrated_data_protection_appliance_firmware

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.