Authentication bypass in EMC Avamar - CVE-2017-4989

 


Published: June 21, 2017


Vulnerability identifier: #VU7154
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-4989
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Dell
Affected software:
EMC Avamar

Detailed vulnerability description

The vulnerability allows a remote attacker to bypass authentication on the target system.

The weakness exists due to improper access control. A remote attacker can bypass security restrictions, access the system maintenance page to view sensitive information, perform software updates, and run maintenance workflows.

Successful exploitation of the vulnerability results in access to the system.

How to mitigate CVE-2017-4989

Update to version 7.2.1 with Hotfix 277897 and 7.3.1 with Hotfix 276676.
