PT-2018-5915 · Emc · Emc Avamar Server+2

Michael Cramer

Publicado

2018-01-05

Atualizado

2018-01-18

CVE-2017-15549

CVSS v2.0

9.0

Alta

Vetor

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: EMC Avamar Server versions 7.1.x through 7.5.0 EMC NetWorker Virtual Edition (NVE) versions 9.0.x through 9.2.x EMC Integrated Data Protection Appliance version 2.0

Description: A remote authenticated malicious user with low privileges could potentially upload arbitrary maliciously crafted files in any location on the server file system.

Recommendations: For EMC Avamar Server versions 7.1.x through 7.5.0, restrict access to file upload functionality to minimize the risk of exploitation. For EMC NetWorker Virtual Edition (NVE) versions 9.0.x through 9.2.x, consider disabling file upload features until a fix is available. For EMC Integrated Data Protection Appliance version 2.0, limit user privileges to prevent unauthorized file uploads.

Correção

Unrestricted File Upload

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-434

Identificadores relacionados

CVE-2017-15549

Produtos afetados

Emc Avamar Server

Emc Integrated Data Protection Appliance

Emc Networker Virtual Edition

PT-2018-5915 · Emc · Emc Avamar Server+2

CVE-2017-15549

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5