CVE-2018-11066
Dell EMC Avamar and Integrated Data Protection Appliance Remote Code Execution Vulnerability
Severity Score
9.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain a Remote Code Execution vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary commands on the server.
Dell EMC Avamar Client Manager, en las versiones 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 y 18.1 de Dell EMC Avamar Server y las 2.0, 2.1 y 2.2 de Dell EMC Integrated Data Protection Appliance (IDPA) tienen una vulnerabilidad de ejecución remota de código. Un atacante remoto no autenticado podría explotar esta vulnerabilidad para ejecutar comandos arbitrarios en el servidor.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2018-05-14 CVE Reserved
- 2018-11-20 CVE Published
- 2024-09-17 CVE Updated
- 2024-11-05 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/105968 | Third Party Advisory | |
| http://www.securitytracker.com/id/1042153 | Third Party Advisory | |
| https://seclists.org/fulldisclosure/2018/Nov/49 | Mailing List |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.vmware.com/security/advisories/VMSA-2018-0029.html | 2019-10-03 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Dell Search vendor "Dell" | Emc Avamar Search vendor "Dell" for product "Emc Avamar" | 7.2.0 Search vendor "Dell" for product "Emc Avamar" and version "7.2.0" | - |
Affected
| ||||||
| Dell Search vendor "Dell" | Emc Avamar Search vendor "Dell" for product "Emc Avamar" | 7.2.1 Search vendor "Dell" for product "Emc Avamar" and version "7.2.1" | - |
Affected
| ||||||
| Dell Search vendor "Dell" | Emc Avamar Search vendor "Dell" for product "Emc Avamar" | 7.3.0 Search vendor "Dell" for product "Emc Avamar" and version "7.3.0" | - |
Affected
| ||||||
| Dell Search vendor "Dell" | Emc Avamar Search vendor "Dell" for product "Emc Avamar" | 7.3.1 Search vendor "Dell" for product "Emc Avamar" and version "7.3.1" | - |
Affected
| ||||||
| Dell Search vendor "Dell" | Emc Avamar Search vendor "Dell" for product "Emc Avamar" | 7.4.0 Search vendor "Dell" for product "Emc Avamar" and version "7.4.0" | - |
Affected
| ||||||
| Dell Search vendor "Dell" | Emc Avamar Search vendor "Dell" for product "Emc Avamar" | 7.4.1 Search vendor "Dell" for product "Emc Avamar" and version "7.4.1" | - |
Affected
| ||||||
| Dell Search vendor "Dell" | Emc Avamar Search vendor "Dell" for product "Emc Avamar" | 7.5.0 Search vendor "Dell" for product "Emc Avamar" and version "7.5.0" | - |
Affected
| ||||||
| Dell Search vendor "Dell" | Emc Avamar Search vendor "Dell" for product "Emc Avamar" | 7.5.1 Search vendor "Dell" for product "Emc Avamar" and version "7.5.1" | - |
Affected
| ||||||
| Dell Search vendor "Dell" | Emc Avamar Search vendor "Dell" for product "Emc Avamar" | 18.1 Search vendor "Dell" for product "Emc Avamar" and version "18.1" | - |
Affected
| ||||||
| Dell Search vendor "Dell" | Emc Integrated Data Protection Appliance Search vendor "Dell" for product "Emc Integrated Data Protection Appliance" | 2.0 Search vendor "Dell" for product "Emc Integrated Data Protection Appliance" and version "2.0" | - |
Affected
| ||||||
| Dell Search vendor "Dell" | Emc Integrated Data Protection Appliance Search vendor "Dell" for product "Emc Integrated Data Protection Appliance" | 2.1 Search vendor "Dell" for product "Emc Integrated Data Protection Appliance" and version "2.1" | - |
Affected
| ||||||
| Dell Search vendor "Dell" | Emc Integrated Data Protection Appliance Search vendor "Dell" for product "Emc Integrated Data Protection Appliance" | 2.2 Search vendor "Dell" for product "Emc Integrated Data Protection Appliance" and version "2.2" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Data Protection Search vendor "Vmware" for product "Vsphere Data Protection" | 6.0.0 Search vendor "Vmware" for product "Vsphere Data Protection" and version "6.0.0" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Data Protection Search vendor "Vmware" for product "Vsphere Data Protection" | 6.0.1 Search vendor "Vmware" for product "Vsphere Data Protection" and version "6.0.1" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Data Protection Search vendor "Vmware" for product "Vsphere Data Protection" | 6.0.2 Search vendor "Vmware" for product "Vsphere Data Protection" and version "6.0.2" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Data Protection Search vendor "Vmware" for product "Vsphere Data Protection" | 6.0.3 Search vendor "Vmware" for product "Vsphere Data Protection" and version "6.0.3" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Data Protection Search vendor "Vmware" for product "Vsphere Data Protection" | 6.0.4 Search vendor "Vmware" for product "Vsphere Data Protection" and version "6.0.4" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Data Protection Search vendor "Vmware" for product "Vsphere Data Protection" | 6.0.5 Search vendor "Vmware" for product "Vsphere Data Protection" and version "6.0.5" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Data Protection Search vendor "Vmware" for product "Vsphere Data Protection" | 6.0.6 Search vendor "Vmware" for product "Vsphere Data Protection" and version "6.0.6" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Data Protection Search vendor "Vmware" for product "Vsphere Data Protection" | 6.0.7 Search vendor "Vmware" for product "Vsphere Data Protection" and version "6.0.7" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Data Protection Search vendor "Vmware" for product "Vsphere Data Protection" | 6.0.8 Search vendor "Vmware" for product "Vsphere Data Protection" and version "6.0.8" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Data Protection Search vendor "Vmware" for product "Vsphere Data Protection" | 6.1.0 Search vendor "Vmware" for product "Vsphere Data Protection" and version "6.1.0" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Data Protection Search vendor "Vmware" for product "Vsphere Data Protection" | 6.1.1 Search vendor "Vmware" for product "Vsphere Data Protection" and version "6.1.1" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Data Protection Search vendor "Vmware" for product "Vsphere Data Protection" | 6.1.2 Search vendor "Vmware" for product "Vsphere Data Protection" and version "6.1.2" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Data Protection Search vendor "Vmware" for product "Vsphere Data Protection" | 6.1.3 Search vendor "Vmware" for product "Vsphere Data Protection" and version "6.1.3" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Data Protection Search vendor "Vmware" for product "Vsphere Data Protection" | 6.1.4 Search vendor "Vmware" for product "Vsphere Data Protection" and version "6.1.4" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Data Protection Search vendor "Vmware" for product "Vsphere Data Protection" | 6.1.5 Search vendor "Vmware" for product "Vsphere Data Protection" and version "6.1.5" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Data Protection Search vendor "Vmware" for product "Vsphere Data Protection" | 6.1.6 Search vendor "Vmware" for product "Vsphere Data Protection" and version "6.1.6" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Data Protection Search vendor "Vmware" for product "Vsphere Data Protection" | 6.1.7 Search vendor "Vmware" for product "Vsphere Data Protection" and version "6.1.7" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Data Protection Search vendor "Vmware" for product "Vsphere Data Protection" | 6.1.8 Search vendor "Vmware" for product "Vsphere Data Protection" and version "6.1.8" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Data Protection Search vendor "Vmware" for product "Vsphere Data Protection" | 6.1.9 Search vendor "Vmware" for product "Vsphere Data Protection" and version "6.1.9" | - |
Affected
| ||||||