PT-2021-12395 · Dell Emc · Dell Emc Avamar Server+1
Published
2021-07-28
·
Updated
2021-08-05
·
CVE-2020-5341
CVSS v2.0
10
Critical
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2, 19.1, 19.2
Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4, 2.4.1
Description
A Deserialization of Untrusted Data issue allows a remote unauthenticated attacker to send a serialized payload that would execute code on the system.
Recommendations
For Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2, 19.1, 19.2, update to a version that contains a fix for this issue.
For Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4, 2.4.1, update to a version that contains a fix for this issue.
As a temporary workaround, consider restricting access to the system to minimize the risk of exploitation.
Fix
Deserialization of Untrusted Data
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Dell Emc Avamar Server
Dell Emc Integrated Data Protection Appliance