CVE-2018-1217

Name of the Vulnerable Software and Affected Versions Dell EMC Avamar Server versions 7.3.1 through 7.5.0 Dell EMC Integrated Data Protection Appliance versions 2.0 through 2.1

Description The issue is related to a missing access control check, which could allow a remote unauthenticated attacker to read or change the Local Download Service (LDLS) credentials. These credentials are used to connect to Dell EMC Online Support. An attacker could also use the credentials to login to Dell EMC Online Support, potentially impersonating the AVI service actions.

Recommendations For Dell EMC Avamar Server versions 7.3.1 through 7.5.0, update the Avamar Installation Manager to a version that includes the missing access control check. For Dell EMC Integrated Data Protection Appliance versions 2.0 through 2.1, update the appliance to a version that includes the missing access control check. As a temporary workaround, consider restricting access to the LDLS credentials to minimize the risk of exploitation.