SB2017062109 - Two vulnerabilities in EMC Avamar
Published: June 21, 2017
Security Bulletin ID
SB2017062109
CSH Severity
High
Patch available
YES
Number of vulnerabilities
2
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 vulnerabilities.
1) Authentication bypass (CVE-ID: CVE-2017-4989)
CWE-ID: CWE-284 - Improper Access Control
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to bypass authentication on the target system.
The weakness exists due to improper access control. A remote attacker can bypass security restrictions, access the system maintenance page to view sensitive information, perform software updates, and run maintenance workflows.
Successful exploitation of the vulnerability results in access to the system.
2) Arbitrary PHP code execution (CVE-ID: CVE-2017-4990)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute PHP code on the target system.
The weakness exists due to improper validation of file extensions by the file upload feature of the system maintenance page. A remote attacker can send a specially crafted HTTP request, upload a malicious file to any directory and execute arbitrary PHP code on the vulnerable system.
Remediation
Install update from vendor's website.