PT-2017-2437 · Emc · Emc Avamar Server

Published: 2017-06-21 · Updated: 2017-07-07 · CVE-2017-4990

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

EMC Avamar Server Software versions 7.3.0-226 through 7.4.1-58

Description

The system maintenance page of the EMC Avamar Server Software does not restrict the upload of dangerous file types. This could allow an unauthorized attacker to upload a maliciously crafted file to any directory, potentially enabling the execution of arbitrary code on the Avamar Server system. The vulnerability can be exploited by a remote attacker using a specially crafted file.

Recommendations

For versions 7.3.0-226 through 7.4.1-58, consider restricting access to the file upload feature in the system maintenance page until a fix is available. As a temporary workaround, limit the ability to upload files to authorized personnel only, and ensure that all uploaded files are thoroughly scanned for malicious content.

Fix

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

BDU:2017-01642
CVE-2017-4990

Affected Products

Emc Avamar Server