CVE-2017-4990
Severity Score
9.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
In EMC Avamar Server Software 7.4.1-58, 7.4.0-242, 7.3.1-125, 7.3.0-233, 7.3.0-226, an unauthorized attacker may leverage the file upload feature of the system maintenance page to load a maliciously crafted file to any directory which could allow the attacker to execute arbitrary code on the Avamar Server system.
En EMC Avamar Server Software 7.4.1-58, 7.4.0-242, 7.3.1-125, 7.3.0-233 y 7.3.0-226, un atacante no autorizado podría aprovechar la característica de subida de archivos de la página de mantenimiento del servidor para cargar un archivo maliciosamente manipulado en cualquier directorio, lo que podría permitir que el atacante ejecute código arbitrario en el sistema de Avamar Server.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2016-12-29 CVE Reserved
- 2017-06-21 CVE Published
- 2023-06-01 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-434: Unrestricted Upload of File with Dangerous Type
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/archive/1/540754/30/0/threaded | Third Party Advisory | |
| http://www.securityfocus.com/bid/99243 | Third Party Advisory | |
| http://www.securitytracker.com/id/1038718 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Emc Search vendor "Emc" | Avamar Server Search vendor "Emc" for product "Avamar Server" | 7.3.0-226 Search vendor "Emc" for product "Avamar Server" and version "7.3.0-226" | - |
Affected
| ||||||
| Emc Search vendor "Emc" | Avamar Server Search vendor "Emc" for product "Avamar Server" | 7.3.0-233 Search vendor "Emc" for product "Avamar Server" and version "7.3.0-233" | - |
Affected
| ||||||
| Emc Search vendor "Emc" | Avamar Server Search vendor "Emc" for product "Avamar Server" | 7.3.1-125 Search vendor "Emc" for product "Avamar Server" and version "7.3.1-125" | - |
Affected
| ||||||
| Emc Search vendor "Emc" | Avamar Server Search vendor "Emc" for product "Avamar Server" | 7.4.0-242 Search vendor "Emc" for product "Avamar Server" and version "7.4.0-242" | - |
Affected
| ||||||
| Emc Search vendor "Emc" | Avamar Server Search vendor "Emc" for product "Avamar Server" | 7.4.1-58 Search vendor "Emc" for product "Avamar Server" and version "7.4.1-58" | - |
Affected
| ||||||