{ "id": "CVE-2018-11077", "sourceIdentifier": "security_alert@emc.com", "published": "2018-11-26T20:29:00.420", "lastModified": "2018-12-31T21:26:58.693", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially be able to execute arbitrary commands under root privilege." }, { "lang": "es", "value": "La utilidad \"getlogs\" en las versiones 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 y 18.1 de Dell EMC Avamar Server y las 2.0, 2.1 y 2.2 de Dell EMC Integrated Data Protection Appliance (IDPA) se ven afectadas por una vulnerabilidad de inyecci\u00f3n de comandos en el sistema operativo. Un usuario \"Avamar admin\" malicioso podr\u00eda ejecutar comandos arbitrarios bajo el privilegio root." } ], "metrics": { "cvssMetricV30": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.0", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM" }, "exploitabilityScore": 0.8, "impactScore": 5.9 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector": "LOCAL", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 7.2 }, "baseSeverity": "HIGH", "exploitabilityScore": 3.9, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-78" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:dell:emc_avamar:7.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "4D9FD281-DB86-4D2D-BC19-CE2453709121" }, { "vulnerable": true, "criteria": "cpe:2.3:a:dell:emc_avamar:7.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "AA20E0E8-6812-4416-93AA-E59B693FCFC6" }, { "vulnerable": true, "criteria": "cpe:2.3:a:dell:emc_avamar:7.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "066595A8-C9EC-4ED3-AE76-A778F226B61E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:dell:emc_avamar:7.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "DBA338A4-140B-4C5E-9D58-C17163EBE629" }, { "vulnerable": true, "criteria": "cpe:2.3:a:dell:emc_avamar:7.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "490F94D4-CD84-418F-BCF3-A5FF2F98BEAA" }, { "vulnerable": true, "criteria": "cpe:2.3:a:dell:emc_avamar:7.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "81FAAFDD-6A1B-44DE-92CB-B60D24397FED" }, { "vulnerable": true, "criteria": "cpe:2.3:a:dell:emc_avamar:7.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "8EA6C66A-CD8D-4829-891D-64FF533F3780" }, { "vulnerable": true, "criteria": "cpe:2.3:a:dell:emc_avamar:7.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "3B634FEE-123C-413B-8D06-7D9E4AE0995B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:dell:emc_avamar:18.1:*:*:*:*:*:*:*", "matchCriteriaId": "9022A46B-7D49-492A-8DC4-CBA9C2001497" }, { "vulnerable": true, "criteria": "cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "8C4D195D-C047-42E9-9885-0464642EC6EC" }, { "vulnerable": true, "criteria": "cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "76D6282D-ABA7-4972-8E13-2A625F13CF53" }, { "vulnerable": true, "criteria": "cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "06E2AD30-A9F5-453C-BC38-2A35DD39FA85" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "FBA48F5F-3B72-427E-9C9A-E5C3EC03A5F8" }, { "vulnerable": true, "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "5AF32F55-AE25-4F52-B043-1C2623344F1A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B8FEBFF6-CEF2-4A8E-BA29-3F383D6DF436" }, { "vulnerable": true, "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "BEC123DA-FBC3-4075-B4C0-A5295A6965A1" }, { "vulnerable": true, "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "4D8E9053-F846-48A5-93D7-35D0665D4038" }, { "vulnerable": true, "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "561D7F05-3074-44E8-A9C9-11CF1B8FFF49" }, { "vulnerable": true, "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "BF81991D-6B69-4849-86B3-3A35CCB4B4E5" }, { "vulnerable": true, "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "F9DE2E06-EAF2-401B-A775-44EF23D17691" }, { "vulnerable": true, "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "12DE5F53-7FEC-4EF0-9841-C8493AE25E0B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "0D7E39A9-BE37-4848-BAD2-7F97D04F0D7C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7A908399-8C17-46B6-B554-77F588C2BF42" }, { "vulnerable": true, "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "FC8AFC55-915D-46AC-80DA-E100F4CFFD64" }, { "vulnerable": true, "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "E2B9A334-69EB-4E88-A446-18A1B0C669B2" }, { "vulnerable": true, "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "0D94A218-4CA0-46EA-BA44-24E90037222D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "AC527586-5680-4626-95D4-28EF84439DDA" }, { "vulnerable": true, "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "F1476A3A-9BD3-4DF5-8290-CC32AFFA122C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "0F946694-A52E-46C9-A4C7-663B5EE01138" }, { "vulnerable": true, "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "D006B093-4DEB-4911-995C-744B3189D46D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "664DCBF4-0C41-4B68-B983-4E16933BA269" } ] } ] } ], "references": [ { "url": "http://www.securityfocus.com/bid/105971", "source": "security_alert@emc.com", "tags": [ "Third Party Advisory", "VDB Entry" ] }, { "url": "http://www.securitytracker.com/id/1042153", "source": "security_alert@emc.com", "tags": [ "Third Party Advisory", "VDB Entry" ] }, { "url": "https://seclists.org/fulldisclosure/2018/Nov/51", "source": "security_alert@emc.com", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html", "source": "security_alert@emc.com", "tags": [ "Patch", "Third Party Advisory" ] } ] }