CVE-2020-29494
Severity Score
8.7
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Dell EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a Path Traversal Vulnerability in PDM. A remote user could potentially exploit this vulnerability, to gain unauthorized write access to the arbitrary files stored on the server filesystem, causing deletion of arbitrary files.
Dell EMC Avamar Server, versiones 19.1, 19.2, 19.3, contiene una vulnerabilidad de salto de ruta en PDM. Un usuario remoto podrÃa aprovechar esta vulnerabilidad para conseguir acceso de escritura no autorizado a los archivos arbitrarios almacenados en el sistema de archivos del servidor, causando la eliminación de archivos arbitrarios
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-12-03 CVE Reserved
- 2021-01-14 CVE Published
- 2023-03-07 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.dell.com/support/kbdoc/en-us/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities | 2021-01-21 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Dell Search vendor "Dell" | Emc Avamar Server Search vendor "Dell" for product "Emc Avamar Server" | 19.1 Search vendor "Dell" for product "Emc Avamar Server" and version "19.1" | - |
Affected
| ||||||
| Dell Search vendor "Dell" | Emc Avamar Server Search vendor "Dell" for product "Emc Avamar Server" | 19.2 Search vendor "Dell" for product "Emc Avamar Server" and version "19.2" | - |
Affected
| ||||||
| Dell Search vendor "Dell" | Emc Avamar Server Search vendor "Dell" for product "Emc Avamar Server" | 19.3 Search vendor "Dell" for product "Emc Avamar Server" and version "19.3" | - |
Affected
| ||||||
| Dell Search vendor "Dell" | Emc Integrated Data Protection Appliance Search vendor "Dell" for product "Emc Integrated Data Protection Appliance" | 2.5 Search vendor "Dell" for product "Emc Integrated Data Protection Appliance" and version "2.5" | - |
Affected
| ||||||
| Dell Search vendor "Dell" | Emc Integrated Data Protection Appliance Search vendor "Dell" for product "Emc Integrated Data Protection Appliance" | 2.6 Search vendor "Dell" for product "Emc Integrated Data Protection Appliance" and version "2.6" | - |
Affected
| ||||||