Vulnerability Description
'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially be able to execute arbitrary commands under root privilege.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dell | Emc Avamar | 7.2.0 |
| Dell | Emc Integrated Data Protection Appliance | 2.0 |
| Vmware | Vsphere Data Protection | 6.0.0 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/105971Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1042153Third Party AdvisoryVDB Entry
- https://seclists.org/fulldisclosure/2018/Nov/51Mailing ListThird Party Advisory
- https://www.vmware.com/security/advisories/VMSA-2018-0029.htmlPatchThird Party Advisory
- http://www.securityfocus.com/bid/105971Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1042153Third Party AdvisoryVDB Entry
- https://seclists.org/fulldisclosure/2018/Nov/51Mailing ListThird Party Advisory
- https://www.vmware.com/security/advisories/VMSA-2018-0029.htmlPatchThird Party Advisory
FAQ
What is CVE-2018-11077?
CVE-2018-11077 is a vulnerability with a CVSS score of 6.7 (MEDIUM). 'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 ...
How severe is CVE-2018-11077?
CVE-2018-11077 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-11077?
Check the references section above for vendor advisories and patch information. Affected products include: Dell Emc Avamar, Dell Emc Integrated Data Protection Appliance, Vmware Vsphere Data Protection.