PT-2016-4473 · Emc · Avamar Virtual Edition+2

Published

2016-09-21

Updated

2017-07-30

CVE-2016-0920

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions EMC Avamar Server versions prior to 7.3.0-233

Description The issue allows local users to obtain root access via a crafted parameter to a command that is available in the sudo configuration. This is related to Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) components.

Recommendations For versions prior to 7.3.0-233, update to version 7.3.0-233 or later to resolve the issue. As a temporary workaround, consider restricting access to the sudo configuration to minimize the risk of exploitation.

Fix

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77

Related Identifiers

CVE-2016-0920

Affected Products

Avamar Data Store

Avamar Virtual Edition

Emc Avamar Server

PT-2016-4473 · Emc · Avamar Virtual Edition+2

CVE-2016-0920

Weakness Enumeration

Related Identifiers

Affected Products

References · 4