PT-2018-2864 · Dell EMC · Dell EMC Avamar Server, Dell EMC Integrated Data Protection Appliance
Published 2018-11-20 · Updated 2018-12-31 · CVE-2018-11077
CVSS v2.0: 7.2 (High) · Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Dell EMC Avamar Server versions 7.2.0 through 7.5.1 and version 18.1
Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0 through 2.2
Description
The affected products contain an OS command injection vulnerability in the 'getlogs' utility. A malicious Avamar admin user may potentially be able to execute arbitrary commands with root privileges. Separately, service data is insufficiently protected, which could allow a remote attacker to disclose the private key used for SSL/TLS connections.
Recommendations
For Dell EMC Avamar Server versions 7.2.0 through 7.5.1 and version 18.1, consider disabling the 'getlogs' utility until a patch is available to prevent potential OS command injection.
For Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0 through 2.2, restrict access to sensitive service data to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
OS Command Injection
Information Disclosure
Affected Products
Dell EMC Avamar Server
Dell EMC Integrated Data Protection Appliance