CVE-2018-11077
Dell EMC Avamar and Integrated Data Protection Appliance Command Injection Vulnerability
Severity Score
6.7
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially be able to execute arbitrary commands under root privilege.
La utilidad "getlogs" en las versiones 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 y 18.1 de Dell EMC Avamar Server y las 2.0, 2.1 y 2.2 de Dell EMC Integrated Data Protection Appliance (IDPA) se ven afectadas por una vulnerabilidad de inyección de comandos en el sistema operativo. Un usuario "Avamar admin" malicioso podría ejecutar comandos arbitrarios bajo el privilegio root.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2018-05-14 CVE Reserved
- 2018-11-20 CVE Published
- 2023-11-20 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/105971 | Third Party Advisory | |
| http://www.securitytracker.com/id/1042153 | Third Party Advisory | |
| https://seclists.org/fulldisclosure/2018/Nov/51 | Mailing List |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.vmware.com/security/advisories/VMSA-2018-0029.html | 2018-12-31 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Dell Search vendor "Dell" | Emc Avamar Search vendor "Dell" for product "Emc Avamar" | 7.2.0 Search vendor "Dell" for product "Emc Avamar" and version "7.2.0" | - |
Affected
| ||||||
| Dell Search vendor "Dell" | Emc Avamar Search vendor "Dell" for product "Emc Avamar" | 7.2.1 Search vendor "Dell" for product "Emc Avamar" and version "7.2.1" | - |
Affected
| ||||||
| Dell Search vendor "Dell" | Emc Avamar Search vendor "Dell" for product "Emc Avamar" | 7.3.0 Search vendor "Dell" for product "Emc Avamar" and version "7.3.0" | - |
Affected
| ||||||
| Dell Search vendor "Dell" | Emc Avamar Search vendor "Dell" for product "Emc Avamar" | 7.3.1 Search vendor "Dell" for product "Emc Avamar" and version "7.3.1" | - |
Affected
| ||||||
| Dell Search vendor "Dell" | Emc Avamar Search vendor "Dell" for product "Emc Avamar" | 7.4.0 Search vendor "Dell" for product "Emc Avamar" and version "7.4.0" | - |
Affected
| ||||||
| Dell Search vendor "Dell" | Emc Avamar Search vendor "Dell" for product "Emc Avamar" | 7.4.1 Search vendor "Dell" for product "Emc Avamar" and version "7.4.1" | - |
Affected
| ||||||
| Dell Search vendor "Dell" | Emc Avamar Search vendor "Dell" for product "Emc Avamar" | 7.5.0 Search vendor "Dell" for product "Emc Avamar" and version "7.5.0" | - |
Affected
| ||||||
| Dell Search vendor "Dell" | Emc Avamar Search vendor "Dell" for product "Emc Avamar" | 7.5.1 Search vendor "Dell" for product "Emc Avamar" and version "7.5.1" | - |
Affected
| ||||||
| Dell Search vendor "Dell" | Emc Avamar Search vendor "Dell" for product "Emc Avamar" | 18.1 Search vendor "Dell" for product "Emc Avamar" and version "18.1" | - |
Affected
| ||||||
| Dell Search vendor "Dell" | Emc Integrated Data Protection Appliance Search vendor "Dell" for product "Emc Integrated Data Protection Appliance" | 2.0 Search vendor "Dell" for product "Emc Integrated Data Protection Appliance" and version "2.0" | - |
Affected
| ||||||
| Dell Search vendor "Dell" | Emc Integrated Data Protection Appliance Search vendor "Dell" for product "Emc Integrated Data Protection Appliance" | 2.1 Search vendor "Dell" for product "Emc Integrated Data Protection Appliance" and version "2.1" | - |
Affected
| ||||||
| Dell Search vendor "Dell" | Emc Integrated Data Protection Appliance Search vendor "Dell" for product "Emc Integrated Data Protection Appliance" | 2.2 Search vendor "Dell" for product "Emc Integrated Data Protection Appliance" and version "2.2" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Data Protection Search vendor "Vmware" for product "Vsphere Data Protection" | 6.0.0 Search vendor "Vmware" for product "Vsphere Data Protection" and version "6.0.0" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Data Protection Search vendor "Vmware" for product "Vsphere Data Protection" | 6.0.1 Search vendor "Vmware" for product "Vsphere Data Protection" and version "6.0.1" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Data Protection Search vendor "Vmware" for product "Vsphere Data Protection" | 6.0.2 Search vendor "Vmware" for product "Vsphere Data Protection" and version "6.0.2" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Data Protection Search vendor "Vmware" for product "Vsphere Data Protection" | 6.0.3 Search vendor "Vmware" for product "Vsphere Data Protection" and version "6.0.3" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Data Protection Search vendor "Vmware" for product "Vsphere Data Protection" | 6.0.4 Search vendor "Vmware" for product "Vsphere Data Protection" and version "6.0.4" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Data Protection Search vendor "Vmware" for product "Vsphere Data Protection" | 6.0.5 Search vendor "Vmware" for product "Vsphere Data Protection" and version "6.0.5" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Data Protection Search vendor "Vmware" for product "Vsphere Data Protection" | 6.0.6 Search vendor "Vmware" for product "Vsphere Data Protection" and version "6.0.6" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Data Protection Search vendor "Vmware" for product "Vsphere Data Protection" | 6.0.7 Search vendor "Vmware" for product "Vsphere Data Protection" and version "6.0.7" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Data Protection Search vendor "Vmware" for product "Vsphere Data Protection" | 6.0.8 Search vendor "Vmware" for product "Vsphere Data Protection" and version "6.0.8" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Data Protection Search vendor "Vmware" for product "Vsphere Data Protection" | 6.1.0 Search vendor "Vmware" for product "Vsphere Data Protection" and version "6.1.0" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Data Protection Search vendor "Vmware" for product "Vsphere Data Protection" | 6.1.1 Search vendor "Vmware" for product "Vsphere Data Protection" and version "6.1.1" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Data Protection Search vendor "Vmware" for product "Vsphere Data Protection" | 6.1.2 Search vendor "Vmware" for product "Vsphere Data Protection" and version "6.1.2" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Data Protection Search vendor "Vmware" for product "Vsphere Data Protection" | 6.1.3 Search vendor "Vmware" for product "Vsphere Data Protection" and version "6.1.3" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Data Protection Search vendor "Vmware" for product "Vsphere Data Protection" | 6.1.4 Search vendor "Vmware" for product "Vsphere Data Protection" and version "6.1.4" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Data Protection Search vendor "Vmware" for product "Vsphere Data Protection" | 6.1.5 Search vendor "Vmware" for product "Vsphere Data Protection" and version "6.1.5" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Data Protection Search vendor "Vmware" for product "Vsphere Data Protection" | 6.1.6 Search vendor "Vmware" for product "Vsphere Data Protection" and version "6.1.6" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Data Protection Search vendor "Vmware" for product "Vsphere Data Protection" | 6.1.7 Search vendor "Vmware" for product "Vsphere Data Protection" and version "6.1.7" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Data Protection Search vendor "Vmware" for product "Vsphere Data Protection" | 6.1.8 Search vendor "Vmware" for product "Vsphere Data Protection" and version "6.1.8" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Data Protection Search vendor "Vmware" for product "Vsphere Data Protection" | 6.1.9 Search vendor "Vmware" for product "Vsphere Data Protection" and version "6.1.9" | - |
Affected
| ||||||