Vulnerability Description
Dell EMC Data Protection Advisor versions 6.3, 6.4, 6.5, 18.2 versions prior to patch 83, and 19.1 versions prior to patch 71 contain a server missing authorization vulnerability in the REST API. A remote authenticated malicious user with administrative privileges may potentially exploit this vulnerability to alter the application’s allowable list of OS commands. This may lead to arbitrary OS command execution as the regular user runs the DPA service on the affected system.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dell | Emc Data Protection Advisor | 6.3 |
| Dell | Emc Integrated Data Protection Appliance Firmware | 2.0 |
| Dell | Emc Idpa Dp4400 | - |
| Dell | Emc Idpa Dp5800 | - |
| Dell | Emc Idpa Dp8300 | - |
| Dell | Emc Idpa Dp8800 | - |
Related Weaknesses (CWE)
References
- https://www.dell.com/support/security/en-us/details/539430/DSA-2019-155-Dell-EMCVendor Advisory
- https://www.dell.com/support/security/en-us/details/539430/DSA-2019-155-Dell-EMCVendor Advisory
FAQ
What is CVE-2019-18581?
CVE-2019-18581 is a vulnerability with a CVSS score of 7.2 (HIGH). Dell EMC Data Protection Advisor versions 6.3, 6.4, 6.5, 18.2 versions prior to patch 83, and 19.1 versions prior to patch 71 contain a server missing authorization vulnerability in the REST API. A re...
How severe is CVE-2019-18581?
CVE-2019-18581 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-18581?
Check the references section above for vendor advisories and patch information. Affected products include: Dell Emc Data Protection Advisor, Dell Emc Integrated Data Protection Appliance Firmware, Dell Emc Idpa Dp4400, Dell Emc Idpa Dp5800, Dell Emc Idpa Dp8300.