PT-2018-2865 · Dell Emc · Dell Emc Integrated Data Protection Appliance+1

Published: 2018-11-20 · Updated: 2020-08-24 · CVE-2018-11076

CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Dell EMC Avamar Server versions 7.2.0 through 7.4.1
Dell EMC Integrated Data Protection Appliance (IDPA) version 2.0

Description

The issue is an information exposure vulnerability. The SSL/TLS private key of the Avamar Java management console may be leaked in the Avamar Java management client package. An unauthenticated attacker on the same data-link layer could potentially use the leaked key to mount a man-in-the-middle (MITM) attack against management console users. Additionally, the vulnerability may allow a remote attacker to execute arbitrary commands with root privileges, because special elements used in operating system commands are not neutralized (OS command injection).

Recommendations

For Dell EMC Avamar Server versions 7.2.0 through 7.4.1, consider disabling the Avamar Java management console until a patch is available, to prevent potential MITM attacks. For Dell EMC Integrated Data Protection Appliance (IDPA) version 2.0, restrict access to the management console to minimize the risk of exploitation. As a temporary workaround, avoid using the Avamar Java management client package until the issue is resolved.

Fix

Weakness Enumeration

OS Command Injection

Related Identifiers

BDU:2019-02391
CVE-2018-11076

Affected Products

Dell Emc Avamar Server
Dell Emc Integrated Data Protection Appliance