PT-2018-5915 · Emc · Emc Avamar Server+2

Michael Cramer · Published 2018-01-05 · Updated 2018-01-18 · CVE-2017-15549

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions:
EMC Avamar Server versions 7.1.x through 7.5.0
EMC NetWorker Virtual Edition (NVE) versions 9.0.x through 9.2.x
EMC Integrated Data Protection Appliance version 2.0
Description: A remote authenticated malicious user with low privileges could potentially upload arbitrary maliciously crafted files to any location on the server file system.
Recommendations: For EMC Avamar Server versions 7.1.x through 7.5.0, restrict access to file upload functionality to minimize the risk of exploitation. For EMC NetWorker Virtual Edition (NVE) versions 9.0.x through 9.2.x, consider disabling file upload features until a fix is available. For EMC Integrated Data Protection Appliance version 2.0, limit user privileges to prevent unauthorized file uploads.

Fix

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2017-15549

Affected Products

Emc Avamar Server
Emc Integrated Data Protection Appliance
Emc Networker Virtual Edition