PT-2016-4474 · Emc · Avamar Server+2
Published
2016-09-21
·
Updated
2017-07-30
·
CVE-2016-0921
CVSS v2.0
6.9
Medium
| Vector | AV:L/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
EMC Avamar Server versions prior to 7.3.0-233
Description
The issue concerns weak permissions for unspecified directories in Avamar Data Store (ADS) and Avamar Virtual Edition (AVE), allowing local users to gain root access. This can be achieved by replacing a script with a Trojan horse program, enabling unauthorized access and control.
Recommendations
For versions prior to 7.3.0-233, update to version 7.3.0-233 or later to resolve the issue.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Avamar Data Store
Avamar Server
Avamar Virtual Edition