Privilege Escalation in EMC Avamar - CVE-2016-0921
Published: September 21, 2016
Vulnerability identifier: #VU569
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2016-0921
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Dell
Affected software:
EMC Avamar
EMC Avamar
Detailed vulnerability description
The vulnerability allows a local admin-level user to get root privileges and cause arbitrary command execution on the target system.
The weakness exists due to directory permissions flaw. Attacker can substitute directories and files with arbitrary directories and files to execute arbitrary commands with root privileges.
Successful exploitation of the vulnerabiity leads to gaining root privileges and arbitrary code execution.
The weakness exists due to directory permissions flaw. Attacker can substitute directories and files with arbitrary directories and files to execute arbitrary commands with root privileges.
Successful exploitation of the vulnerabiity leads to gaining root privileges and arbitrary code execution.
How to mitigate CVE-2016-0921
Update to 7.3.0-233.