CVE-2021-36316: Improper Privilege Management in Dell Avamar

Severity: 7.2 HIGH (NVD), 6.7 (CNA)
EPSS: 0.2% (top 54.62%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 21; latest update Dec 22

Description

Dell EMC Avamar Server versions 18.2, 19.1, 19.2, 19.3, and 19.4 contain an improper privilege management vulnerability in AUI. A malicious user with high privileges could potentially exploit this vulnerability, leading to the disclosure of the AUI info and performing some unauthorized operation on the AUI.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 | Impact: 5.9

Affected Packages (2 packages)

NVD: dell/emc_avamar_server (5 versions)
CVEListV5: dell/avamar (18.2, 19.1, 19.2, 19.3, 19.4)

Patches

Vulnerability Details (2)

GHSA: GHSA-wrmw-qgfp-5p47: Dell EMC Avamar Server versions 18 (2021-12-22)
CVEList: CVE-2021-36316: Dell EMC Avamar Server versions 18 (2021-12-21)