Privilege Escalation in EMC Avamar - CVE-2016-0905
Published: September 21, 2016
Vulnerability identifier: #VU567
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2016-0905
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Dell
Affected software:
EMC Avamar
EMC Avamar
Detailed vulnerability description
The vulnerability allows a local admin-level user to cause arbitary command execution on the target system.
The weakness exists due to access control error. Attacker can cause "sudo" command that allows him to execute arbitrary command as a user with root privileges.
Successful vulnerability allows a malicious user get elevated privileges and trigger arbitrary command execution.
The weakness exists due to access control error. Attacker can cause "sudo" command that allows him to execute arbitrary command as a user with root privileges.
Successful vulnerability allows a malicious user get elevated privileges and trigger arbitrary command execution.
How to mitigate CVE-2016-0905
Update to 7.3.0-233.