Privilege Escalation in EMC Avamar - CVE-2016-0920
Published: September 21, 2016
Vulnerability identifier: #VU568
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2016-0920
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Dell
Affected software:
EMC Avamar
EMC Avamar
Detailed vulnerability description
The vulnerability allows a local user to cause abritrary command execution on the target system.
The weakness exists due to insufficient access control. Attacker can cause "sudo" command that allows him to execute arbitrary command as a user with root privileges.
Successful vulnerability allows a malicious user get elevated privileges and trigger arbitrary command execution.
The weakness exists due to insufficient access control. Attacker can cause "sudo" command that allows him to execute arbitrary command as a user with root privileges.
Successful vulnerability allows a malicious user get elevated privileges and trigger arbitrary command execution.
How to mitigate CVE-2016-0920
Update to 7.3.0-233.