CVE-2017-4990
EMC Avamar File Upload / Authentication Bypass
Public Exploits: 0
Exploited in Wild: -
Descriptions
In EMC Avamar Server Software 7.4.1-58, 7.4.0-242, 7.3.1-125, 7.3.0-233, 7.3.0-226, an unauthorized attacker may leverage the file upload feature of the system maintenance page to load a maliciously crafted file to any directory which could allow the attacker to execute arbitrary code on the Avamar Server system.
EMC Avamar suffers from authentication bypass and remote file upload vulnerabilities.
Timeline
- 2016-12-29 CVE Reserved
- 2017-06-21 CVE Published
- 2024-08-05 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-434: Unrestricted Upload of File with Dangerous Type
References (3)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/archive/1/540754/30/0/threaded | Third Party Advisory | |
http://www.securityfocus.com/bid/99243 | Third Party Advisory | |
http://www.securitytracker.com/id/1038718 | Vdb Entry | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Emc | Avamar Server | 7.3.0-226 | - | Affected |
Emc | Avamar Server | 7.3.0-233 | - | Affected |
Emc | Avamar Server | 7.3.1-125 | - | Affected |
Emc | Avamar Server | 7.4.0-242 | - | Affected |
Emc | Avamar Server | 7.4.1-58 | - | Affected |