Vulnerability-Lookup

CVE-2017-15549 (GCVE-0-2017-15549)

Vulnerability from cvelistv5 – Published: 2018-01-05 17:00 – Updated: 2024-08-05 19:57

Summary

An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could potentially upload arbitrary maliciously crafted files in any location on the server file system.

Severity ?

No CVSS data available.

CWE

Arbitrary file upload vulnerability

Assigner

dell

References

URL

Tags

	http://www.securitytracker.com/id/1040070	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/bid/102363	vdb-entryx_refsource_BID
	http://seclists.org/fulldisclosure/2018/Jan/17	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0, EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x, EMC Integrated Data Protection Appliance 2.0	Affected: EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0, EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x, EMC Integrated Data Protection Appliance 2.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T19:57:27.025Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1040070",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040070"
          },
          {
            "name": "102363",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102363"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2018/Jan/17"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0, EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x, EMC Integrated Data Protection Appliance 2.0",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0, EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x, EMC Integrated Data Protection Appliance 2.0"
            }
          ]
        }
      ],
      "datePublic": "2018-01-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could potentially upload arbitrary maliciously crafted files in any location on the server file system."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Arbitrary file upload vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-06T10:57:01",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "name": "1040070",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040070"
        },
        {
          "name": "102363",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102363"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://seclists.org/fulldisclosure/2018/Jan/17"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security_alert@emc.com",
          "ID": "CVE-2017-15549",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0, EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x, EMC Integrated Data Protection Appliance 2.0",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0, EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x, EMC Integrated Data Protection Appliance 2.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could potentially upload arbitrary maliciously crafted files in any location on the server file system."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Arbitrary file upload vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1040070",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040070"
            },
            {
              "name": "102363",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102363"
            },
            {
              "name": "http://seclists.org/fulldisclosure/2018/Jan/17",
              "refsource": "CONFIRM",
              "url": "http://seclists.org/fulldisclosure/2018/Jan/17"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2017-15549",
    "datePublished": "2018-01-05T17:00:00",
    "dateReserved": "2017-10-17T00:00:00",
    "dateUpdated": "2024-08-05T19:57:27.025Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:avamar_server:7.1-21:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"323E56C6-6B78-451F-A80E-041D54099867\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:avamar_server:7.1-145:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"2D107C2E-A98C-4242-9491-6E9D77C53AA5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:avamar_server:7.1-302:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4E873853-D132-4395-8A88-1950741E4020\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:avamar_server:7.1-370:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5CECC623-D5E1-491A-AE79-890BA83CEF83\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:avamar_server:7.2-32:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"0DE64DDE-F009-442D-8287-C2985C7907CA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:avamar_server:7.2-309:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0E603320-F634-46D0-B3F3-27B43AD853C1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:avamar_server:7.2-401:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"381B1CF4-9A04-419C-97D1-7997E24D78EA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:avamar_server:7.3-125:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"F8E173EB-AA44-4C78-AE35-5A61120A3F0B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:avamar_server:7.3-211:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2D9B1C79-59E3-4FCE-8268-1125E599CE09\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:avamar_server:7.3-226:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2C79B2E0-E227-4D30-9EC0-6E186C8E1F7F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:avamar_server:7.3-233:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BCB11FC4-D82F-4F15-A559-1B86D6FD262D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:avamar_server:7.4-58:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"EEE728F4-0944-4526-98A1-2610A94958AD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:avamar_server:7.4-242:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F72F4EE3-DE40-4F99-8869-DDCA53E8FBE8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:avamar_server:7.5-183:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3D008A0B-CB0F-4338-811C-02796C31F758\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:integrated_data_protection_appliance:2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C8896568-958B-45D3-893B-30E3D9E4ED5C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:networker:9.0:*:*:*:virtual:*:*:*\", \"matchCriteriaId\": \"D4E32F32-86B3-4833-B437-DAA7875637C9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:networker:9.1:*:*:*:virtual:*:*:*\", \"matchCriteriaId\": \"C8608852-5E06-45F1-86F5-EB5E77E6D699\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:networker:9.2:*:*:*:virtual:*:*:*\", \"matchCriteriaId\": \"2D056AFC-8E7B-454D-A190-178ECA69D379\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could potentially upload arbitrary maliciously crafted files in any location on the server file system.\"}, {\"lang\": \"es\", \"value\": \"Se ha descubierto un problema en EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x y EMC Integrated Data Protection Appliance 2.0. Un usuario remoto malicioso con bajos privilegios podr\\u00eda cargar archivos arbitrarios maliciosamente manipulados en cualquier ubicaci\\u00f3n del sistema de archivos del servidor.\"}]",
      "id": "CVE-2017-15549",
      "lastModified": "2024-11-21T03:14:45.237",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:C/I:C/A:C\", \"baseScore\": 9.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.0, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2018-01-05T17:29:00.253",
      "references": "[{\"url\": \"http://seclists.org/fulldisclosure/2018/Jan/17\", \"source\": \"security_alert@emc.com\", \"tags\": [\"Issue Tracking\", \"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/102363\", \"source\": \"security_alert@emc.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1040070\", \"source\": \"security_alert@emc.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2018/Jan/17\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/102363\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1040070\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}]",
      "sourceIdentifier": "security_alert@emc.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-434\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-15549\",\"sourceIdentifier\":\"security_alert@emc.com\",\"published\":\"2018-01-05T17:29:00.253\",\"lastModified\":\"2024-11-21T03:14:45.237\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could potentially upload arbitrary maliciously crafted files in any location on the server file system.\"},{\"lang\":\"es\",\"value\":\"Se ha descubierto un problema en EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x y EMC Integrated Data Protection Appliance 2.0. Un usuario remoto malicioso con bajos privilegios podr\u00eda cargar archivos arbitrarios maliciosamente manipulados en cualquier ubicaci\u00f3n del sistema de archivos del servidor.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:C/I:C/A:C\",\"baseScore\":9.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-434\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:avamar_server:7.1-21:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"323E56C6-6B78-451F-A80E-041D54099867\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:avamar_server:7.1-145:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D107C2E-A98C-4242-9491-6E9D77C53AA5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:avamar_server:7.1-302:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4E873853-D132-4395-8A88-1950741E4020\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:avamar_server:7.1-370:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5CECC623-D5E1-491A-AE79-890BA83CEF83\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:avamar_server:7.2-32:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"0DE64DDE-F009-442D-8287-C2985C7907CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:avamar_server:7.2-309:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E603320-F634-46D0-B3F3-27B43AD853C1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:avamar_server:7.2-401:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"381B1CF4-9A04-419C-97D1-7997E24D78EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:avamar_server:7.3-125:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"F8E173EB-AA44-4C78-AE35-5A61120A3F0B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:avamar_server:7.3-211:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D9B1C79-59E3-4FCE-8268-1125E599CE09\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:avamar_server:7.3-226:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2C79B2E0-E227-4D30-9EC0-6E186C8E1F7F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:avamar_server:7.3-233:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BCB11FC4-D82F-4F15-A559-1B86D6FD262D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:avamar_server:7.4-58:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"EEE728F4-0944-4526-98A1-2610A94958AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:avamar_server:7.4-242:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F72F4EE3-DE40-4F99-8869-DDCA53E8FBE8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:avamar_server:7.5-183:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3D008A0B-CB0F-4338-811C-02796C31F758\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:integrated_data_protection_appliance:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C8896568-958B-45D3-893B-30E3D9E4ED5C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:networker:9.0:*:*:*:virtual:*:*:*\",\"matchCriteriaId\":\"D4E32F32-86B3-4833-B437-DAA7875637C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:networker:9.1:*:*:*:virtual:*:*:*\",\"matchCriteriaId\":\"C8608852-5E06-45F1-86F5-EB5E77E6D699\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:networker:9.2:*:*:*:virtual:*:*:*\",\"matchCriteriaId\":\"2D056AFC-8E7B-454D-A190-178ECA69D379\"}]}]}],\"references\":[{\"url\":\"http://seclists.org/fulldisclosure/2018/Jan/17\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/102363\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1040070\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://seclists.org/fulldisclosure/2018/Jan/17\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/102363\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1040070\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}

CERTFR-2018-AVI-003

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans VMware vSphere Data Protection. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	VMware	N/A	VMware vSphere Data Protection (VDP) versions antérieures à 6.0.7
	VMware	N/A	VMware vSphere Data Protection (VDP) versions 6.1.x antérieures à 6.1.6

References

Title

Publication Time

Tags

Bulletin de sécurité VMware VMSA-2018-0001 du 02 janvier 2018

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "VMware vSphere Data Protection (VDP) versions ant\u00e9rieures \u00e0 6.0.7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware vSphere Data Protection (VDP) versions 6.1.x ant\u00e9rieures \u00e0 6.1.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-15550",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-15550"
    },
    {
      "name": "CVE-2017-15548",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-15548"
    },
    {
      "name": "CVE-2017-15549",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-15549"
    }
  ],
  "links": [],
  "reference": "CERTFR-2018-AVI-003",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-01-03T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans VMware vSphere Data\nProtection. Elles permettent \u00e0 un attaquant de provoquer un\ncontournement de la politique de s\u00e9curit\u00e9, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9\ndes donn\u00e9es et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware vSphere Data Protection",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2018-0001 du 02 janvier 2018",
      "url": "https://www.vmware.com/security/advisories/VMSA-2018-0001.html"
    }
  ]
}

CERTFR-2018-AVI-003

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	VMware	N/A	VMware vSphere Data Protection (VDP) versions antérieures à 6.0.7
	VMware	N/A	VMware vSphere Data Protection (VDP) versions 6.1.x antérieures à 6.1.6

References

Title

Publication Time

Tags

Bulletin de sécurité VMware VMSA-2018-0001 du 02 janvier 2018

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "VMware vSphere Data Protection (VDP) versions ant\u00e9rieures \u00e0 6.0.7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware vSphere Data Protection (VDP) versions 6.1.x ant\u00e9rieures \u00e0 6.1.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-15550",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-15550"
    },
    {
      "name": "CVE-2017-15548",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-15548"
    },
    {
      "name": "CVE-2017-15549",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-15549"
    }
  ],
  "links": [],
  "reference": "CERTFR-2018-AVI-003",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-01-03T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans VMware vSphere Data\nProtection. Elles permettent \u00e0 un attaquant de provoquer un\ncontournement de la politique de s\u00e9curit\u00e9, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9\ndes donn\u00e9es et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware vSphere Data Protection",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2018-0001 du 02 janvier 2018",
      "url": "https://www.vmware.com/security/advisories/VMSA-2018-0001.html"
    }
  ]
}

CNVD-2018-03038

Vulnerability from cnvd - Published: 2018-02-07

Title

VMware vSphere Data Protection任意文件上传漏洞

Description

VMware vSphere Data Protection是备份及恢复解决方案。 VMware vSphere Data Protection存在安全漏洞，允许远程攻击者利用漏洞提交特殊的请求，上传任意文件到服务器。

Severity

高

Patch Name

VMware vSphere Data Protection任意文件上传漏洞的补丁

Patch Description

VMware vSphere Data Protection是备份及恢复解决方案。 VMware vSphere Data Protection存在安全漏洞，允许远程攻击者利用漏洞提交特殊的请求，上传任意文件到服务器。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，详情请关注厂商主页： https://www.emc.com/

Reference

https://tools.cisco.com/security/center/viewAlert.x?alertId=56349 http://www.securityfocus.com/bid/102363

Impacted products

Name
['VMware vSphere Data Protection 5.1', 'VMware vSphere Data Protection 5.5', 'VMware vSphere Data Protection 5.8', 'VMware vSphere Data Protection 0']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "102363"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-15549"
    }
  },
  "description": "VMware vSphere Data Protection\u662f\u5907\u4efd\u53ca\u6062\u590d\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nVMware vSphere Data Protection\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u63d0\u4ea4\u7279\u6b8a\u7684\u8bf7\u6c42\uff0c\u4e0a\u4f20\u4efb\u610f\u6587\u4ef6\u5230\u670d\u52a1\u5668\u3002",
  "discovererName": "VMware",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttps://www.emc.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-03038",
  "openTime": "2018-02-07",
  "patchDescription": "VMware vSphere Data Protection\u662f\u5907\u4efd\u53ca\u6062\u590d\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nVMware vSphere Data Protection\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u63d0\u4ea4\u7279\u6b8a\u7684\u8bf7\u6c42\uff0c\u4e0a\u4f20\u4efb\u610f\u6587\u4ef6\u5230\u670d\u52a1\u5668\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "VMware vSphere Data Protection\u4efb\u610f\u6587\u4ef6\u4e0a\u4f20\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "VMware vSphere Data Protection 5.1",
      "VMware vSphere Data Protection 5.5",
      "VMware vSphere Data Protection 5.8",
      "VMware vSphere Data Protection 0"
    ]
  },
  "referenceLink": "https://tools.cisco.com/security/center/viewAlert.x?alertId=56349\r\nhttp://www.securityfocus.com/bid/102363",
  "serverity": "\u9ad8",
  "submitTime": "2018-01-04",
  "title": "VMware vSphere Data Protection\u4efb\u610f\u6587\u4ef6\u4e0a\u4f20\u6f0f\u6d1e"
}

GHSA-MR8J-5FFR-WHQQ

Vulnerability from github – Published: 2022-05-14 03:49 – Updated: 2022-05-14 03:49

Details

Severity ?

8.8 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-15549"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-434"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-01-05T17:29:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could potentially upload arbitrary maliciously crafted files in any location on the server file system.",
  "id": "GHSA-mr8j-5ffr-whqq",
  "modified": "2022-05-14T03:49:07Z",
  "published": "2022-05-14T03:49:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15549"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2018/Jan/17"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/102363"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1040070"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2017-15549

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2017-15549

Aliases

CVE-2017-15549

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-15549",
    "description": "An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could potentially upload arbitrary maliciously crafted files in any location on the server file system.",
    "id": "GSD-2017-15549"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-15549"
      ],
      "details": "An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could potentially upload arbitrary maliciously crafted files in any location on the server file system.",
      "id": "GSD-2017-15549",
      "modified": "2023-12-13T01:20:59.389678Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security_alert@emc.com",
        "ID": "CVE-2017-15549",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0, EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x, EMC Integrated Data Protection Appliance 2.0",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0, EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x, EMC Integrated Data Protection Appliance 2.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could potentially upload arbitrary maliciously crafted files in any location on the server file system."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Arbitrary file upload vulnerability"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1040070",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1040070"
          },
          {
            "name": "102363",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/102363"
          },
          {
            "name": "http://seclists.org/fulldisclosure/2018/Jan/17",
            "refsource": "CONFIRM",
            "url": "http://seclists.org/fulldisclosure/2018/Jan/17"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:emc:avamar_server:7.3-125:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:avamar_server:7.2-309:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:avamar_server:7.2-401:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:avamar_server:7.2-32:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:avamar_server:7.1-302:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:networker:9.2:*:*:*:virtual:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:avamar_server:7.4-58:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:avamar_server:7.3-226:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:avamar_server:7.1-370:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:avamar_server:7.1-21:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:networker:9.1:*:*:*:virtual:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:networker:9.0:*:*:*:virtual:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:avamar_server:7.5-183:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:avamar_server:7.4-242:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:integrated_data_protection_appliance:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:avamar_server:7.3-211:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:avamar_server:7.3-233:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:avamar_server:7.1-145:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@dell.com",
          "ID": "CVE-2017-15549"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could potentially upload arbitrary maliciously crafted files in any location on the server file system."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-434"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://seclists.org/fulldisclosure/2018/Jan/17",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking",
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://seclists.org/fulldisclosure/2018/Jan/17"
            },
            {
              "name": "1040070",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1040070"
            },
            {
              "name": "102363",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/102363"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2018-01-18T23:23Z",
      "publishedDate": "2018-01-05T17:29Z"
    }
  }
}

FKIE_CVE-2017-15549

Vulnerability from fkie_nvd - Published: 2018-01-05 17:29 - Updated: 2024-11-21 03:14

Severity ?

8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
security_alert@emc.com	http://seclists.org/fulldisclosure/2018/Jan/17	Issue Tracking, Mailing List, Third Party Advisory
security_alert@emc.com	http://www.securityfocus.com/bid/102363	Third Party Advisory, VDB Entry
security_alert@emc.com	http://www.securitytracker.com/id/1040070	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2018/Jan/17	Issue Tracking, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/102363	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1040070	Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
emc	avamar_server	7.1-21
emc	avamar_server	7.1-145
emc	avamar_server	7.1-302
emc	avamar_server	7.1-370
emc	avamar_server	7.2-32
emc	avamar_server	7.2-309
emc	avamar_server	7.2-401
emc	avamar_server	7.3-125
emc	avamar_server	7.3-211
emc	avamar_server	7.3-226
emc	avamar_server	7.3-233
emc	avamar_server	7.4-58
emc	avamar_server	7.4-242
emc	avamar_server	7.5-183
emc	integrated_data_protection_appliance	2.0
emc	networker	9.0
emc	networker	9.1
emc	networker	9.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:emc:avamar_server:7.1-21:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "323E56C6-6B78-451F-A80E-041D54099867",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:avamar_server:7.1-145:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "2D107C2E-A98C-4242-9491-6E9D77C53AA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:avamar_server:7.1-302:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E873853-D132-4395-8A88-1950741E4020",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:avamar_server:7.1-370:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CECC623-D5E1-491A-AE79-890BA83CEF83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:avamar_server:7.2-32:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "0DE64DDE-F009-442D-8287-C2985C7907CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:avamar_server:7.2-309:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E603320-F634-46D0-B3F3-27B43AD853C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:avamar_server:7.2-401:*:*:*:*:*:*:*",
              "matchCriteriaId": "381B1CF4-9A04-419C-97D1-7997E24D78EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:avamar_server:7.3-125:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "F8E173EB-AA44-4C78-AE35-5A61120A3F0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:avamar_server:7.3-211:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D9B1C79-59E3-4FCE-8268-1125E599CE09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:avamar_server:7.3-226:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C79B2E0-E227-4D30-9EC0-6E186C8E1F7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:avamar_server:7.3-233:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCB11FC4-D82F-4F15-A559-1B86D6FD262D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:avamar_server:7.4-58:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "EEE728F4-0944-4526-98A1-2610A94958AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:avamar_server:7.4-242:*:*:*:*:*:*:*",
              "matchCriteriaId": "F72F4EE3-DE40-4F99-8869-DDCA53E8FBE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:avamar_server:7.5-183:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D008A0B-CB0F-4338-811C-02796C31F758",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:integrated_data_protection_appliance:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8896568-958B-45D3-893B-30E3D9E4ED5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:networker:9.0:*:*:*:virtual:*:*:*",
              "matchCriteriaId": "D4E32F32-86B3-4833-B437-DAA7875637C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:networker:9.1:*:*:*:virtual:*:*:*",
              "matchCriteriaId": "C8608852-5E06-45F1-86F5-EB5E77E6D699",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:networker:9.2:*:*:*:virtual:*:*:*",
              "matchCriteriaId": "2D056AFC-8E7B-454D-A190-178ECA69D379",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could potentially upload arbitrary maliciously crafted files in any location on the server file system."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto un problema en EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x y EMC Integrated Data Protection Appliance 2.0. Un usuario remoto malicioso con bajos privilegios podr\u00eda cargar archivos arbitrarios maliciosamente manipulados en cualquier ubicaci\u00f3n del sistema de archivos del servidor."
    }
  ],
  "id": "CVE-2017-15549",
  "lastModified": "2024-11-21T03:14:45.237",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-01-05T17:29:00.253",
  "references": [
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Issue Tracking",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2018/Jan/17"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102363"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040070"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2018/Jan/17"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102363"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040070"
    }
  ],
  "sourceIdentifier": "security_alert@emc.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-434"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-15549 (GCVE-0-2017-15549)

CERTFR-2018-AVI-003

Solution

CERTFR-2018-AVI-003

Solution

CNVD-2018-03038

GHSA-MR8J-5FFR-WHQQ

GSD-2017-15549

FKIE_CVE-2017-15549

Tags

Sightings

Nomenclature