#VU7154 Authentication bypass in EMC Avamar - CVE-2017-4989
Published: June 21, 2017
Vulnerability identifier: #VU7154
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-4989
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
EMC Avamar
Software vendor:
Dell
Description
The vulnerability allows a remote attacker to bypass authentication on the target system.
The weakness exists due to improper access control. A remote attacker can bypass security restrictions, access the system maintenance page to view sensitive information, perform software updates, and run maintenance workflows.
Successful exploitation of the vulnerability results in access to the system.
Remediation
Update to version 7.2.1 with Hotfix 277897 and 7.3.1 with Hotfix 276676.