Two vulnerabilities in EMC Avamar
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2017-4989 CVE-2017-4990 |
| CWE-ID | CWE-284 CWE-20 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
EMC Avamar Client/Desktop applications / Software for system administration |
| Vendor | Dell |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Authentication bypass
EUVDB-ID: #VU7154
Risk: Low
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-4989
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass authentication on the target system.
The weakness exists due to improper access control. A remote attacker can bypass security restrictions, access the system maintenance page to view sensitive information, perform software updates, and run maintenance workflows.
Successful exploitation of the vulnerability results in access to the system.
Update to version 7.2.1 with Hotfix 277897 and 7.3.1 with Hotfix 276676.
EMC Avamar: 7.2.0-401 - 7.3.1-125
External linkshttp://seclists.org/bugtraq/2017/Jun/att-40/ESA-2017-054.txt
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Arbitrary PHP code execution
EUVDB-ID: #VU7155
Risk: High
CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-4990
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute PHP code on the target system.
The weakness exists due to improper validation of file extensions by the file upload feature of the system maintenance page. A remote attacker can send a specially crafted HTTP request, upload a malicious file to any directory and execute arbitrary PHP code on the vulnerable system.
Update to version 7.3.1 with Hotfix 276676 and 7.4.1 with Hotfix 279294.
EMC Avamar: 7.3.0-226 - 7.4.1-58
External linkshttp://seclists.org/bugtraq/2017/Jun/att-40/ESA-2017-054.txt
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
