CVE-2017-15550 — HIGH (8.8)

Vulnerability Description

An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could access arbitrary files on the server file system in the context of the running vulnerable application via Path traversal.

CVSS Score

8.8

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Emc	Avamar Server	7.1-21
Emc	Integrated Data Protection Appliance	2.0
Emc	Networker	9.0

Related Weaknesses (CWE)

CWE-22

References

http://seclists.org/fulldisclosure/2018/Jan/17Issue TrackingMailing ListThird Party Advisory
http://www.securityfocus.com/bid/102358Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1040070Third Party AdvisoryVDB Entry
http://seclists.org/fulldisclosure/2018/Jan/17Issue TrackingMailing ListThird Party Advisory
http://www.securityfocus.com/bid/102358Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1040070Third Party AdvisoryVDB Entry

FAQ

What is CVE-2017-15550?

CVE-2017-15550 is a vulnerability with a CVSS score of 8.8 (HIGH). An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote auth...

How severe is CVE-2017-15550?

CVE-2017-15550 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-15550?

Check the references section above for vendor advisories and patch information. Affected products include: Emc Avamar Server, Emc Integrated Data Protection Appliance, Emc Networker.