Multiple vulnerabilities in Dell Avamar Data Store Gen5A



Published: 2023-08-14
Risk Medium
Patch available YES
Number of vulnerabilities 34
CVE-ID CVE-2021-33159
CVE-2022-26343
CVE-2022-22558
CVE-2022-21123
CVE-2022-21125
CVE-2022-21127
CVE-2022-21166
CVE-2021-33126
CVE-2022-34422
CVE-2021-33128
CVE-2022-28709
CVE-2021-33124
CVE-2021-33123
CVE-2021-21571
CVE-2021-21131
CVE-2021-0159
CVE-2022-34423
CVE-2022-34421
CVE-2022-34411
CVE-2022-34376
CVE-2022-34406
CVE-2022-34407
CVE-2022-34408
CVE-2022-34409
CVE-2022-34410
CVE-2022-34412
CVE-2022-34420
CVE-2022-34413
CVE-2022-34414
CVE-2022-34415
CVE-2022-34416
CVE-2022-34417
CVE-2022-34418
CVE-2022-34419
CWE-ID CWE-287
CWE-284
CWE-119
CWE-200
CWE-459
CWE-787
CWE-295
CWE-264
CWE-20
Exploitation vector Network
Public exploit Public exploit code for vulnerability #15 is available.
Vulnerable software
Subscribe
Avamar Data Store Gen5A
Other software / Other software solutions

Vendor Dell

Security Bulletin

This security bulletin contains information about 34 vulnerabilities.

1) Improper Authentication

EUVDB-ID: #VU69314

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-33159

CWE-ID:

Exploit availability:

Description

The vulnerability allows a local user to bypass authentication process.

The vulnerability exists due to an error in when processing authentication requests in firmware. A local administrator can bypass authentication process and gain elevated privileges on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Avamar Data Store Gen5A: All versions

Fixed software versions

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000207897/dsa-2022-289-dell-emc-avamar-data-store-gen5a-november-2022-block-release-security-update


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Improper access control

EUVDB-ID: #VU72449

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-26343

CWE-ID:

Exploit availability:

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper access restrictions in the BIOS firmware. A local privileged user can execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Avamar Data Store Gen5A: All versions

Fixed software versions

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000207897/dsa-2022-289-dell-emc-avamar-data-store-gen5a-november-2022-block-release-security-update


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

3) Buffer overflow

EUVDB-ID: #VU70710

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-22558

CWE-ID:

Exploit availability:

Description

The vulnerability allows a local user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A local user can create a specially crafted trigger memory corruption and execute arbitrary code on the target system or perform a denial of service attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Avamar Data Store Gen5A: All versions

Fixed software versions

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000207897/dsa-2022-289-dell-emc-avamar-data-store-gen5a-november-2022-block-release-security-update


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

4) Information disclosure

EUVDB-ID: #VU64364

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-21123

CWE-ID:

Exploit availability:

Description

The vulnerability allows an attacker to gain access to potentially sensitive information.

The vulnerability exists in Intel processors due to excessive data output when DirectPath I/O (PCI-Passthrough) is utilized. An attacker (both local and remote) with administrative access to a virtual machine that has an attached DirectPath I/O (PCI-Passthrough) device can obtain information stored in physical memory about the hypervisor or other virtual machines that reside on the same host.


Mitigation

Install update from vendor's website.

Vulnerable software versions

Avamar Data Store Gen5A: All versions

Fixed software versions

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000207897/dsa-2022-289-dell-emc-avamar-data-store-gen5a-november-2022-block-release-security-update


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

5) Information disclosure

EUVDB-ID: #VU64365

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-21125

CWE-ID:

Exploit availability:

Description

The vulnerability allows an attacker to gain access to potentially sensitive information.

The vulnerability exists in Intel processors due to excessive data output when DirectPath I/O (PCI-Passthrough) is utilized. An attacker (both local and remote) with administrative access to a virtual machine that has an attached DirectPath I/O (PCI-Passthrough) device can obtain information stored in physical memory about the hypervisor or other virtual machines that reside on the same host.



Mitigation

Install update from vendor's website.

Vulnerable software versions

Avamar Data Store Gen5A: All versions

Fixed software versions

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000207897/dsa-2022-289-dell-emc-avamar-data-store-gen5a-november-2022-block-release-security-update


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

6) Incomplete cleanup

EUVDB-ID: #VU64376

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-21127

CWE-ID:

Exploit availability:

Description

The vulnerability allows a local user to gain access to sensitive information on the system.

The vulnerability exists due to incomplete cleanup in specific special register read operations. A local user can enable information disclosure.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Avamar Data Store Gen5A: All versions

Fixed software versions

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000207897/dsa-2022-289-dell-emc-avamar-data-store-gen5a-november-2022-block-release-security-update


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

7) Information disclosure

EUVDB-ID: #VU64366

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-21166

CWE-ID:

Exploit availability:

Description

The vulnerability allows an attacker to gain access to potentially sensitive information.

The vulnerability exists in Intel processors due to excessive data output when DirectPath I/O (PCI-Passthrough) is utilized. An attacker (both local and remote) with administrative access to a virtual machine that has an attached DirectPath I/O (PCI-Passthrough) device can obtain information stored in physical memory about the hypervisor or other virtual machines that reside on the same host.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Avamar Data Store Gen5A: All versions

Fixed software versions

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000207897/dsa-2022-289-dell-emc-avamar-data-store-gen5a-november-2022-block-release-security-update


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

8) Improper access control

EUVDB-ID: #VU66488

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-33126

CWE-ID:

Exploit availability:

Description

The vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions in the firmware. A local administrator can bypass implemented security restrictions and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Avamar Data Store Gen5A: All versions

Fixed software versions

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000207897/dsa-2022-289-dell-emc-avamar-data-store-gen5a-november-2022-block-release-security-update


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

9) Buffer overflow

EUVDB-ID: #VU79431

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-34422

CWE-ID:

Exploit availability:

Description

The vulnerability allows a local privileged user to execute arbitrary code on the target system.

The vulnerability exists due to Improper SMM communication buffer verification. A local privileged user can send a specially crafted data, trigger memory corruption and execute arbitrary code on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Avamar Data Store Gen5A: All versions

Fixed software versions

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000207897/dsa-2022-289-dell-emc-avamar-data-store-gen5a-november-2022-block-release-security-update


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

10) Improper access control

EUVDB-ID: #VU66494

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-33128

CWE-ID:

Exploit availability:

Description

The vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions in the firmware. A local administrator can bypass implemented security restrictions and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Avamar Data Store Gen5A: All versions

Fixed software versions

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000207897/dsa-2022-289-dell-emc-avamar-data-store-gen5a-november-2022-block-release-security-update


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

11) Improper access control

EUVDB-ID: #VU66497

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-28709

CWE-ID:

Exploit availability:

Description

The vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions in the firmware. A local administrator can bypass implemented security restrictions and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Avamar Data Store Gen5A: All versions

Fixed software versions

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000207897/dsa-2022-289-dell-emc-avamar-data-store-gen5a-november-2022-block-release-security-update


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

12) Out-of-bounds write

EUVDB-ID: #VU63177

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-33124

CWE-ID:

Exploit availability:

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in the BIOS authenticated code module. A local user can run a specially crafted program to trigger an out-of-bounds write error and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Avamar Data Store Gen5A: All versions

Fixed software versions

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000207897/dsa-2022-289-dell-emc-avamar-data-store-gen5a-november-2022-block-release-security-update


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

13) Improper access control

EUVDB-ID: #VU63083

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-33123

CWE-ID:

Exploit availability:

Description

The vulnerability allows a local user to escalate privileges on the system

The vulnerability exists due to improper access restrictions in the BIOS authenticated code module. A local user can obtain elevated privileges on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Avamar Data Store Gen5A: All versions

Fixed software versions

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000207897/dsa-2022-289-dell-emc-avamar-data-store-gen5a-november-2022-block-release-security-update


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

14) Improper certificate validation

EUVDB-ID: #VU54382

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-21571

CWE-ID:

Exploit availability:

Description

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to improper certificate validation within the Dell BIOSConnect and Dell HTTPS Boot features. A remote attacker can perform MitM attack and cause a denial of service or tamper with the system boot.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Avamar Data Store Gen5A: All versions

Fixed software versions

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000207897/dsa-2022-289-dell-emc-avamar-data-store-gen5a-november-2022-block-release-security-update


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

15) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU49709

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-21131

CWE-ID:

Exploit availability:

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient policy enforcement in File System API in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Avamar Data Store Gen5A: All versions

Fixed software versions

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000207897/dsa-2022-289-dell-emc-avamar-data-store-gen5a-november-2022-block-release-security-update


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

16) Input validation error

EUVDB-ID: #VU63179

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-0159

CWE-ID:

Exploit availability:

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insufficient validation of user-supplied input in the BIOS authenticated code module. A local user can pass specially crafted data to the affected module and execute arbitrary code on the system with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Avamar Data Store Gen5A: All versions

Fixed software versions

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000207897/dsa-2022-289-dell-emc-avamar-data-store-gen5a-november-2022-block-release-security-update


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

17) Buffer overflow

EUVDB-ID: #VU79430

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-34423

CWE-ID:

Exploit availability:

Description

The vulnerability allows a local privileged user to execute arbitrary code on the target system.

The vulnerability exists due to Improper SMM communication buffer verification. A local privileged user can send a specially crafted data, trigger memory corruption and execute arbitrary code on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Avamar Data Store Gen5A: All versions

Fixed software versions

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000207897/dsa-2022-289-dell-emc-avamar-data-store-gen5a-november-2022-block-release-security-update


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

18) Buffer overflow

EUVDB-ID: #VU79432

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-34421

CWE-ID:

Exploit availability:

Description

The vulnerability allows a local privileged user to execute arbitrary code on the target system.

The vulnerability exists due to Improper SMM communication buffer verification. A local privileged user can send a specially crafted data, trigger memory corruption and execute arbitrary code on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Avamar Data Store Gen5A: All versions

Fixed software versions

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000207897/dsa-2022-289-dell-emc-avamar-data-store-gen5a-november-2022-block-release-security-update


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

19) Buffer overflow

EUVDB-ID: #VU79410

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-34411

CWE-ID:

Exploit availability:

Description

The vulnerability allows a local privileged user to execute arbitrary code on the target system.

The vulnerability exists due to Improper SMM communication buffer verification. A local privileged user can send a specially crafted data, trigger memory corruption and execute arbitrary code on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Avamar Data Store Gen5A: All versions

Fixed software versions

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000207897/dsa-2022-289-dell-emc-avamar-data-store-gen5a-november-2022-block-release-security-update


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

20) Buffer overflow

EUVDB-ID: #VU79428

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-34376

CWE-ID:

Exploit availability:

Description

The vulnerability allows a local privileged user to execute arbitrary code on the target system.

The vulnerability exists due to Improper SMM communication buffer verification. A local privileged user can send a specially crafted data, trigger memory corruption and execute arbitrary code on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Avamar Data Store Gen5A: All versions

Fixed software versions

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000207897/dsa-2022-289-dell-emc-avamar-data-store-gen5a-november-2022-block-release-security-update


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

21) Buffer overflow

EUVDB-ID: #VU79401

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-34406

CWE-ID:

Exploit availability:

Description

The vulnerability allows a local privileged user to execute arbitrary code on the target system.

The vulnerability exists due to Improper SMM communication buffer verification. A local privileged user can send a specially crafted data, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Avamar Data Store Gen5A: All versions

Fixed software versions

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000207897/dsa-2022-289-dell-emc-avamar-data-store-gen5a-november-2022-block-release-security-update


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

22) Buffer overflow

EUVDB-ID: #VU79403

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-34407

CWE-ID:

Exploit availability:

Description

The vulnerability allows a local privileged user to execute arbitrary code on the target system.

The vulnerability exists due to Improper SMM communication buffer verification. A local privileged user can send a specially crafted data, trigger memory corruption and execute arbitrary code on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Avamar Data Store Gen5A: All versions

Fixed software versions

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000207897/dsa-2022-289-dell-emc-avamar-data-store-gen5a-november-2022-block-release-security-update


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

23) Buffer overflow

EUVDB-ID: #VU79405

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-34408

CWE-ID:

Exploit availability:

Description

The vulnerability allows a local privileged user to execute arbitrary code on the target system.

The vulnerability exists due to Improper SMM communication buffer verification. A local privileged user can send a specially crafted data, trigger memory corruption and execute arbitrary code on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Avamar Data Store Gen5A: All versions

Fixed software versions

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000207897/dsa-2022-289-dell-emc-avamar-data-store-gen5a-november-2022-block-release-security-update


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

24) Buffer overflow

EUVDB-ID: #VU79404

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-34409

CWE-ID:

Exploit availability:

Description

The vulnerability allows a local privileged user to execute arbitrary code on the target system.

The vulnerability exists due to Improper SMM communication buffer verification. A local privileged user can send a specially crafted data, trigger memory corruption and execute arbitrary code on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Avamar Data Store Gen5A: All versions

Fixed software versions

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000207897/dsa-2022-289-dell-emc-avamar-data-store-gen5a-november-2022-block-release-security-update


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

25) Buffer overflow

EUVDB-ID: #VU79411

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-34410

CWE-ID:

Exploit availability:

Description

The vulnerability allows a local privileged user to execute arbitrary code on the target system.

The vulnerability exists due to Improper SMM communication buffer verification. A local privileged user can send a specially crafted data, trigger memory corruption and execute arbitrary code on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Avamar Data Store Gen5A: All versions

Fixed software versions

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000207897/dsa-2022-289-dell-emc-avamar-data-store-gen5a-november-2022-block-release-security-update


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

26) Buffer overflow

EUVDB-ID: #VU79409

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-34412

CWE-ID:

Exploit availability:

Description

The vulnerability allows a local privileged user to execute arbitrary code on the target system.

The vulnerability exists due to Improper SMM communication buffer verification. A local privileged user can send a specially crafted data, trigger memory corruption and execute arbitrary code on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Avamar Data Store Gen5A: All versions

Fixed software versions

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000207897/dsa-2022-289-dell-emc-avamar-data-store-gen5a-november-2022-block-release-security-update


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

27) Buffer overflow

EUVDB-ID: #VU79424

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-34420

CWE-ID:

Exploit availability:

Description

The vulnerability allows a local privileged user to execute arbitrary code on the target system.

The vulnerability exists due to Improper SMM communication buffer verification. A local privileged user can send a specially crafted data, trigger memory corruption and execute arbitrary code on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Avamar Data Store Gen5A: All versions

Fixed software versions

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000207897/dsa-2022-289-dell-emc-avamar-data-store-gen5a-november-2022-block-release-security-update


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

28) Buffer overflow

EUVDB-ID: #VU79408

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-34413

CWE-ID:

Exploit availability:

Description

The vulnerability allows a local privileged user to execute arbitrary code on the target system.

The vulnerability exists due to Improper SMM communication buffer verification. A local privileged user can send a specially crafted data, trigger memory corruption and execute arbitrary code on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Avamar Data Store Gen5A: All versions

Fixed software versions

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000207897/dsa-2022-289-dell-emc-avamar-data-store-gen5a-november-2022-block-release-security-update


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

29) Buffer overflow

EUVDB-ID: #VU79421

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-34414

CWE-ID:

Exploit availability:

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing Microsoft Office files. A remote attacker can create a specially crafted Office document, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Avamar Data Store Gen5A: All versions

Fixed software versions

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000207897/dsa-2022-289-dell-emc-avamar-data-store-gen5a-november-2022-block-release-security-update


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

30) Buffer overflow

EUVDB-ID: #VU79420

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-34415

CWE-ID:

Exploit availability:

Description

The vulnerability allows a local privileged user to execute arbitrary code on the target system.

The vulnerability exists due to Improper SMM communication buffer verification. A local privileged user can send a specially crafted data, trigger memory corruption and execute arbitrary code on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Avamar Data Store Gen5A: All versions

Fixed software versions

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000207897/dsa-2022-289-dell-emc-avamar-data-store-gen5a-november-2022-block-release-security-update


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

31) Buffer overflow

EUVDB-ID: #VU79419

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-34416

CWE-ID:

Exploit availability:

Description

The vulnerability allows a local privileged user to execute arbitrary code on the target system.

The vulnerability exists due to Improper SMM communication buffer verification. A local privileged user can send a specially crafted data, trigger memory corruption and execute arbitrary code on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Avamar Data Store Gen5A: All versions

Fixed software versions

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000207897/dsa-2022-289-dell-emc-avamar-data-store-gen5a-november-2022-block-release-security-update


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

32) Buffer overflow

EUVDB-ID: #VU79416

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-34417

CWE-ID:

Exploit availability:

Description

The vulnerability allows a local privileged user to execute arbitrary code on the target system.

The vulnerability exists due to Improper SMM communication buffer verification. A local privileged user can send a specially crafted data, trigger memory corruption and execute arbitrary code on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Avamar Data Store Gen5A: All versions

Fixed software versions

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000207897/dsa-2022-289-dell-emc-avamar-data-store-gen5a-november-2022-block-release-security-update


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

33) Buffer overflow

EUVDB-ID: #VU79426

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-34418

CWE-ID:

Exploit availability:

Description

The vulnerability allows a local privileged user to execute arbitrary code on the target system.

The vulnerability exists due to Improper SMM communication buffer verification. A local privileged user can send a specially crafted data, trigger memory corruption and execute arbitrary code on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Avamar Data Store Gen5A: All versions

Fixed software versions

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000207897/dsa-2022-289-dell-emc-avamar-data-store-gen5a-november-2022-block-release-security-update


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

34) Buffer overflow

EUVDB-ID: #VU79425

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-34419

CWE-ID:

Exploit availability:

Description

The vulnerability allows a local privileged user to execute arbitrary code on the target system.

The vulnerability exists due to Improper SMM communication buffer verification. A local privileged user can send a specially crafted data, trigger memory corruption and execute arbitrary code on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Avamar Data Store Gen5A: All versions

Fixed software versions

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000207897/dsa-2022-289-dell-emc-avamar-data-store-gen5a-november-2022-block-release-security-update


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###