cvelistv5 - cve-2018-11066

CVE-2018-11066 (GCVE-0-2018-11066)

Vulnerability from cvelistv5 – Published: 2018-11-26 20:00 – Updated: 2024-09-17 03:43

Summary

Severity ?

No CVSS data available.

CWE

Remote Code Execution Vulnerability

Assigner

dell

References

URL

Tags

	http://www.securityfocus.com/bid/105968	vdb-entryx_refsource_BID
	https://seclists.org/fulldisclosure/2018/Nov/49	mailing-listx_refsource_FULLDISC
	https://www.vmware.com/security/advisories/VMSA-2…	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1042153	vdb-entryx_refsource_SECTRACK

Impacted products

Vendor

Product

Version

Dell EMC

Avamar

Affected: 7.2.0
Affected: 7.2.1
Affected: 7.3.0
Affected: 7.3.1
Affected: 7.4.0
Affected: 7.4.1
Affected: 7.5.0
Affected: 7.5.1
Affected: 18.1

Dell EMC

Integrated Data Protection Appliance

Affected: 2.0
Affected: 2.1
Affected: 2.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T07:54:36.502Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "105968",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105968"
          },
          {
            "name": "20181120 DSA-2018-145: Dell EMC Avamar Multiple Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "https://seclists.org/fulldisclosure/2018/Nov/49"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
          },
          {
            "name": "1042153",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1042153"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Avamar",
          "vendor": "Dell EMC",
          "versions": [
            {
              "status": "affected",
              "version": "7.2.0"
            },
            {
              "status": "affected",
              "version": "7.2.1"
            },
            {
              "status": "affected",
              "version": "7.3.0"
            },
            {
              "status": "affected",
              "version": "7.3.1"
            },
            {
              "status": "affected",
              "version": "7.4.0"
            },
            {
              "status": "affected",
              "version": "7.4.1"
            },
            {
              "status": "affected",
              "version": "7.5.0"
            },
            {
              "status": "affected",
              "version": "7.5.1"
            },
            {
              "status": "affected",
              "version": "18.1"
            }
          ]
        },
        {
          "product": "Integrated Data Protection Appliance",
          "vendor": "Dell EMC",
          "versions": [
            {
              "status": "affected",
              "version": "2.0"
            },
            {
              "status": "affected",
              "version": "2.1"
            },
            {
              "status": "affected",
              "version": "2.2"
            }
          ]
        }
      ],
      "datePublic": "2018-11-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain a Remote Code Execution vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary commands on the server."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote Code Execution Vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-11-27T16:57:01",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "name": "105968",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105968"
        },
        {
          "name": "20181120 DSA-2018-145: Dell EMC Avamar Multiple Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "https://seclists.org/fulldisclosure/2018/Nov/49"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
        },
        {
          "name": "1042153",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1042153"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Dell EMC Avamar and Integrated Data Protection Appliance Remote Code Execution Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security_alert@emc.com",
          "DATE_PUBLIC": "2018-11-20T05:00:00.000Z",
          "ID": "CVE-2018-11066",
          "STATE": "PUBLIC",
          "TITLE": "Dell EMC Avamar and Integrated Data Protection Appliance Remote Code Execution Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Avamar",
                      "version": {
                        "version_data": [
                          {
                            "affected": "=",
                            "version_affected": "=",
                            "version_value": "7.2.0"
                          },
                          {
                            "affected": "=",
                            "version_affected": "=",
                            "version_value": "7.2.1"
                          },
                          {
                            "affected": "=",
                            "version_affected": "=",
                            "version_value": "7.3.0"
                          },
                          {
                            "affected": "=",
                            "version_affected": "=",
                            "version_value": "7.3.1"
                          },
                          {
                            "affected": "=",
                            "version_affected": "=",
                            "version_value": "7.4.0"
                          },
                          {
                            "affected": "=",
                            "version_affected": "=",
                            "version_value": "7.4.1"
                          },
                          {
                            "version_value": "7.5.0"
                          },
                          {
                            "version_value": "7.5.1"
                          },
                          {
                            "version_value": "18.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Integrated Data Protection Appliance",
                      "version": {
                        "version_data": [
                          {
                            "affected": "=",
                            "version_affected": "=",
                            "version_value": "2.0"
                          },
                          {
                            "affected": "=",
                            "version_affected": "=",
                            "version_value": "2.1"
                          },
                          {
                            "affected": "=",
                            "version_affected": "=",
                            "version_value": "2.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Dell EMC"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain a Remote Code Execution vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary commands on the server."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Remote Code Execution Vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "105968",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105968"
            },
            {
              "name": "20181120 DSA-2018-145: Dell EMC Avamar Multiple Vulnerabilities",
              "refsource": "FULLDISC",
              "url": "https://seclists.org/fulldisclosure/2018/Nov/49"
            },
            {
              "name": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html",
              "refsource": "CONFIRM",
              "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
            },
            {
              "name": "1042153",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1042153"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2018-11066",
    "datePublished": "2018-11-26T20:00:00Z",
    "dateReserved": "2018-05-14T00:00:00",
    "dateUpdated": "2024-09-17T03:43:20.412Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dell:emc_avamar:7.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4D9FD281-DB86-4D2D-BC19-CE2453709121\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dell:emc_avamar:7.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AA20E0E8-6812-4416-93AA-E59B693FCFC6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dell:emc_avamar:7.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"066595A8-C9EC-4ED3-AE76-A778F226B61E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dell:emc_avamar:7.3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DBA338A4-140B-4C5E-9D58-C17163EBE629\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dell:emc_avamar:7.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"490F94D4-CD84-418F-BCF3-A5FF2F98BEAA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dell:emc_avamar:7.4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"81FAAFDD-6A1B-44DE-92CB-B60D24397FED\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dell:emc_avamar:7.5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8EA6C66A-CD8D-4829-891D-64FF533F3780\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dell:emc_avamar:7.5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3B634FEE-123C-413B-8D06-7D9E4AE0995B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dell:emc_avamar:18.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9022A46B-7D49-492A-8DC4-CBA9C2001497\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8C4D195D-C047-42E9-9885-0464642EC6EC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"76D6282D-ABA7-4972-8E13-2A625F13CF53\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"06E2AD30-A9F5-453C-BC38-2A35DD39FA85\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:vsphere_data_protection:6.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FBA48F5F-3B72-427E-9C9A-E5C3EC03A5F8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:vsphere_data_protection:6.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5AF32F55-AE25-4F52-B043-1C2623344F1A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:vsphere_data_protection:6.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B8FEBFF6-CEF2-4A8E-BA29-3F383D6DF436\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:vsphere_data_protection:6.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BEC123DA-FBC3-4075-B4C0-A5295A6965A1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:vsphere_data_protection:6.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4D8E9053-F846-48A5-93D7-35D0665D4038\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:vsphere_data_protection:6.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"561D7F05-3074-44E8-A9C9-11CF1B8FFF49\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:vsphere_data_protection:6.0.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BF81991D-6B69-4849-86B3-3A35CCB4B4E5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:vsphere_data_protection:6.0.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F9DE2E06-EAF2-401B-A775-44EF23D17691\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:vsphere_data_protection:6.0.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"12DE5F53-7FEC-4EF0-9841-C8493AE25E0B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:vsphere_data_protection:6.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0D7E39A9-BE37-4848-BAD2-7F97D04F0D7C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:vsphere_data_protection:6.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7A908399-8C17-46B6-B554-77F588C2BF42\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:vsphere_data_protection:6.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FC8AFC55-915D-46AC-80DA-E100F4CFFD64\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:vsphere_data_protection:6.1.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E2B9A334-69EB-4E88-A446-18A1B0C669B2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:vsphere_data_protection:6.1.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0D94A218-4CA0-46EA-BA44-24E90037222D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:vsphere_data_protection:6.1.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AC527586-5680-4626-95D4-28EF84439DDA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:vsphere_data_protection:6.1.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F1476A3A-9BD3-4DF5-8290-CC32AFFA122C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:vsphere_data_protection:6.1.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0F946694-A52E-46C9-A4C7-663B5EE01138\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:vsphere_data_protection:6.1.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D006B093-4DEB-4911-995C-744B3189D46D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:vsphere_data_protection:6.1.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"664DCBF4-0C41-4B68-B983-4E16933BA269\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain a Remote Code Execution vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary commands on the server.\"}, {\"lang\": \"es\", \"value\": \"Dell EMC Avamar Client Manager, en las versiones 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 y 18.1 de Dell EMC Avamar Server y las 2.0, 2.1 y 2.2 de Dell EMC Integrated Data Protection Appliance (IDPA) tienen una vulnerabilidad de ejecuci\\u00f3n remota de c\\u00f3digo. Un atacante remoto no autenticado podr\\u00eda explotar esta vulnerabilidad para ejecutar comandos arbitrarios en el servidor.\"}]",
      "id": "CVE-2018-11066",
      "lastModified": "2024-11-21T03:42:36.627",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 10.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2018-11-26T20:29:00.247",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/105968\", \"source\": \"security_alert@emc.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1042153\", \"source\": \"security_alert@emc.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://seclists.org/fulldisclosure/2018/Nov/49\", \"source\": \"security_alert@emc.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://www.vmware.com/security/advisories/VMSA-2018-0029.html\", \"source\": \"security_alert@emc.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/105968\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1042153\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://seclists.org/fulldisclosure/2018/Nov/49\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://www.vmware.com/security/advisories/VMSA-2018-0029.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "security_alert@emc.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-11066\",\"sourceIdentifier\":\"security_alert@emc.com\",\"published\":\"2018-11-26T20:29:00.247\",\"lastModified\":\"2024-11-21T03:42:36.627\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain a Remote Code Execution vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary commands on the server.\"},{\"lang\":\"es\",\"value\":\"Dell EMC Avamar Client Manager, en las versiones 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 y 18.1 de Dell EMC Avamar Server y las 2.0, 2.1 y 2.2 de Dell EMC Integrated Data Protection Appliance (IDPA) tienen una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo. Un atacante remoto no autenticado podr\u00eda explotar esta vulnerabilidad para ejecutar comandos arbitrarios en el servidor.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dell:emc_avamar:7.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D9FD281-DB86-4D2D-BC19-CE2453709121\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dell:emc_avamar:7.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AA20E0E8-6812-4416-93AA-E59B693FCFC6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dell:emc_avamar:7.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"066595A8-C9EC-4ED3-AE76-A778F226B61E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dell:emc_avamar:7.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DBA338A4-140B-4C5E-9D58-C17163EBE629\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dell:emc_avamar:7.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"490F94D4-CD84-418F-BCF3-A5FF2F98BEAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dell:emc_avamar:7.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"81FAAFDD-6A1B-44DE-92CB-B60D24397FED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dell:emc_avamar:7.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8EA6C66A-CD8D-4829-891D-64FF533F3780\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dell:emc_avamar:7.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B634FEE-123C-413B-8D06-7D9E4AE0995B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dell:emc_avamar:18.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9022A46B-7D49-492A-8DC4-CBA9C2001497\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C4D195D-C047-42E9-9885-0464642EC6EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"76D6282D-ABA7-4972-8E13-2A625F13CF53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"06E2AD30-A9F5-453C-BC38-2A35DD39FA85\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:vsphere_data_protection:6.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FBA48F5F-3B72-427E-9C9A-E5C3EC03A5F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:vsphere_data_protection:6.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5AF32F55-AE25-4F52-B043-1C2623344F1A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:vsphere_data_protection:6.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8FEBFF6-CEF2-4A8E-BA29-3F383D6DF436\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:vsphere_data_protection:6.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BEC123DA-FBC3-4075-B4C0-A5295A6965A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:vsphere_data_protection:6.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D8E9053-F846-48A5-93D7-35D0665D4038\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:vsphere_data_protection:6.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"561D7F05-3074-44E8-A9C9-11CF1B8FFF49\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:vsphere_data_protection:6.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF81991D-6B69-4849-86B3-3A35CCB4B4E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:vsphere_data_protection:6.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F9DE2E06-EAF2-401B-A775-44EF23D17691\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:vsphere_data_protection:6.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"12DE5F53-7FEC-4EF0-9841-C8493AE25E0B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:vsphere_data_protection:6.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D7E39A9-BE37-4848-BAD2-7F97D04F0D7C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:vsphere_data_protection:6.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7A908399-8C17-46B6-B554-77F588C2BF42\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:vsphere_data_protection:6.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC8AFC55-915D-46AC-80DA-E100F4CFFD64\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:vsphere_data_protection:6.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E2B9A334-69EB-4E88-A446-18A1B0C669B2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:vsphere_data_protection:6.1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D94A218-4CA0-46EA-BA44-24E90037222D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:vsphere_data_protection:6.1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC527586-5680-4626-95D4-28EF84439DDA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:vsphere_data_protection:6.1.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1476A3A-9BD3-4DF5-8290-CC32AFFA122C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:vsphere_data_protection:6.1.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F946694-A52E-46C9-A4C7-663B5EE01138\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:vsphere_data_protection:6.1.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D006B093-4DEB-4911-995C-744B3189D46D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:vsphere_data_protection:6.1.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"664DCBF4-0C41-4B68-B983-4E16933BA269\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/105968\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1042153\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://seclists.org/fulldisclosure/2018/Nov/49\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.vmware.com/security/advisories/VMSA-2018-0029.html\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/105968\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1042153\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://seclists.org/fulldisclosure/2018/Nov/49\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.vmware.com/security/advisories/VMSA-2018-0029.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}"
  }
}

CERTFR-2018-AVI-565

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans VMware vSphere Data Protection. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	VMware	N/A	vSphere Data Protection (VDP) versions 6.0.x antérieures à 6.0.9
	VMware	N/A	vSphere Data Protection (VDP) versions 6.1.x antérieures à 6.1.10

References

Title

Publication Time

Tags

Bulletin de sécurité VMware VMSA-2018-0029 du 20 novembre 2018

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "vSphere Data Protection (VDP) versions 6.0.x ant\u00e9rieures \u00e0 6.0.9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "vSphere Data Protection (VDP) versions 6.1.x ant\u00e9rieures \u00e0 6.1.10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-11077",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-11077"
    },
    {
      "name": "CVE-2018-11067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-11067"
    },
    {
      "name": "CVE-2018-11076",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-11076"
    },
    {
      "name": "CVE-2018-11066",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-11066"
    }
  ],
  "links": [],
  "reference": "CERTFR-2018-AVI-565",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-11-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans VMware vSphere Data\nProtection. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution\nde code arbitraire \u00e0 distance, un contournement de la politique de\ns\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware vSphere Data Protection",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2018-0029 du 20 novembre 2018",
      "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
    }
  ]
}

CERTFR-2018-AVI-565

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	VMware	N/A	vSphere Data Protection (VDP) versions 6.0.x antérieures à 6.0.9
	VMware	N/A	vSphere Data Protection (VDP) versions 6.1.x antérieures à 6.1.10

References

Title

Publication Time

Tags

Bulletin de sécurité VMware VMSA-2018-0029 du 20 novembre 2018

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "vSphere Data Protection (VDP) versions 6.0.x ant\u00e9rieures \u00e0 6.0.9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "vSphere Data Protection (VDP) versions 6.1.x ant\u00e9rieures \u00e0 6.1.10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-11077",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-11077"
    },
    {
      "name": "CVE-2018-11067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-11067"
    },
    {
      "name": "CVE-2018-11076",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-11076"
    },
    {
      "name": "CVE-2018-11066",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-11066"
    }
  ],
  "links": [],
  "reference": "CERTFR-2018-AVI-565",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-11-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans VMware vSphere Data\nProtection. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution\nde code arbitraire \u00e0 distance, un contournement de la politique de\ns\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware vSphere Data Protection",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2018-0029 du 20 novembre 2018",
      "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
    }
  ]
}

FKIE_CVE-2018-11066

Vulnerability from fkie_nvd - Published: 2018-11-26 20:29 - Updated: 2024-11-21 03:42

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
security_alert@emc.com	http://www.securityfocus.com/bid/105968	Third Party Advisory, VDB Entry
security_alert@emc.com	http://www.securitytracker.com/id/1042153	Third Party Advisory, VDB Entry
security_alert@emc.com	https://seclists.org/fulldisclosure/2018/Nov/49	Mailing List, Third Party Advisory
security_alert@emc.com	https://www.vmware.com/security/advisories/VMSA-2018-0029.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/105968	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1042153	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://seclists.org/fulldisclosure/2018/Nov/49	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.vmware.com/security/advisories/VMSA-2018-0029.html	Patch, Third Party Advisory

Impacted products

Vendor	Product	Version
dell	emc_avamar	7.2.0
dell	emc_avamar	7.2.1
dell	emc_avamar	7.3.0
dell	emc_avamar	7.3.1
dell	emc_avamar	7.4.0
dell	emc_avamar	7.4.1
dell	emc_avamar	7.5.0
dell	emc_avamar	7.5.1
dell	emc_avamar	18.1
dell	emc_integrated_data_protection_appliance	2.0
dell	emc_integrated_data_protection_appliance	2.1
dell	emc_integrated_data_protection_appliance	2.2
vmware	vsphere_data_protection	6.0.0
vmware	vsphere_data_protection	6.0.1
vmware	vsphere_data_protection	6.0.2
vmware	vsphere_data_protection	6.0.3
vmware	vsphere_data_protection	6.0.4
vmware	vsphere_data_protection	6.0.5
vmware	vsphere_data_protection	6.0.6
vmware	vsphere_data_protection	6.0.7
vmware	vsphere_data_protection	6.0.8
vmware	vsphere_data_protection	6.1.0
vmware	vsphere_data_protection	6.1.1
vmware	vsphere_data_protection	6.1.2
vmware	vsphere_data_protection	6.1.3
vmware	vsphere_data_protection	6.1.4
vmware	vsphere_data_protection	6.1.5
vmware	vsphere_data_protection	6.1.6
vmware	vsphere_data_protection	6.1.7
vmware	vsphere_data_protection	6.1.8
vmware	vsphere_data_protection	6.1.9

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:dell:emc_avamar:7.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D9FD281-DB86-4D2D-BC19-CE2453709121",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dell:emc_avamar:7.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA20E0E8-6812-4416-93AA-E59B693FCFC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dell:emc_avamar:7.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "066595A8-C9EC-4ED3-AE76-A778F226B61E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dell:emc_avamar:7.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBA338A4-140B-4C5E-9D58-C17163EBE629",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dell:emc_avamar:7.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "490F94D4-CD84-418F-BCF3-A5FF2F98BEAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dell:emc_avamar:7.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "81FAAFDD-6A1B-44DE-92CB-B60D24397FED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dell:emc_avamar:7.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EA6C66A-CD8D-4829-891D-64FF533F3780",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dell:emc_avamar:7.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B634FEE-123C-413B-8D06-7D9E4AE0995B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dell:emc_avamar:18.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9022A46B-7D49-492A-8DC4-CBA9C2001497",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C4D195D-C047-42E9-9885-0464642EC6EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "76D6282D-ABA7-4972-8E13-2A625F13CF53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "06E2AD30-A9F5-453C-BC38-2A35DD39FA85",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBA48F5F-3B72-427E-9C9A-E5C3EC03A5F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5AF32F55-AE25-4F52-B043-1C2623344F1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8FEBFF6-CEF2-4A8E-BA29-3F383D6DF436",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEC123DA-FBC3-4075-B4C0-A5295A6965A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D8E9053-F846-48A5-93D7-35D0665D4038",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "561D7F05-3074-44E8-A9C9-11CF1B8FFF49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF81991D-6B69-4849-86B3-3A35CCB4B4E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9DE2E06-EAF2-401B-A775-44EF23D17691",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "12DE5F53-7FEC-4EF0-9841-C8493AE25E0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D7E39A9-BE37-4848-BAD2-7F97D04F0D7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A908399-8C17-46B6-B554-77F588C2BF42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC8AFC55-915D-46AC-80DA-E100F4CFFD64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2B9A334-69EB-4E88-A446-18A1B0C669B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D94A218-4CA0-46EA-BA44-24E90037222D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC527586-5680-4626-95D4-28EF84439DDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1476A3A-9BD3-4DF5-8290-CC32AFFA122C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F946694-A52E-46C9-A4C7-663B5EE01138",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D006B093-4DEB-4911-995C-744B3189D46D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "664DCBF4-0C41-4B68-B983-4E16933BA269",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain a Remote Code Execution vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary commands on the server."
    },
    {
      "lang": "es",
      "value": "Dell EMC Avamar Client Manager, en las versiones 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 y 18.1 de Dell EMC Avamar Server y las 2.0, 2.1 y 2.2 de Dell EMC Integrated Data Protection Appliance (IDPA) tienen una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo. Un atacante remoto no autenticado podr\u00eda explotar esta vulnerabilidad para ejecutar comandos arbitrarios en el servidor."
    }
  ],
  "id": "CVE-2018-11066",
  "lastModified": "2024-11-21T03:42:36.627",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-11-26T20:29:00.247",
  "references": [
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/105968"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1042153"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/fulldisclosure/2018/Nov/49"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/105968"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1042153"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/fulldisclosure/2018/Nov/49"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
    }
  ],
  "sourceIdentifier": "security_alert@emc.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

VAR-201811-0235

Vulnerability from variot - Updated: 2023-12-18 13:13

Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain a Remote Code Execution vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary commands on the server. VMware vSphere Data Protection is prone to a remote code-execution vulnerability. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions. Dell EMC Avamar Server is a suite of fully virtualized backup and recovery software for servers. The following products and versions are affected: Dell EMC Avamar Server Version 7.2.0, Version 7.2.1, Version 7.3.0, Version 7.3.1, Version 7.4.0, Version 7.4.1, Version 7.5.0, Version 7.5.1 , Version 18.1; EMC IDPA Version 2.0, Version 2.1, Version 2.2.

Credits:

Dell EMC would like to thank Jarrod Farncomb of TSS (https://www.dtss.com.au/) for reporting these vulnerabilities.

Severity Rating For an explanation of Severity Ratings, refer to Dell EMC Knowledgebase article 468307 (https://support.emc.com/kb/468307). Dell EMC recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability.

Legal Information Read and use the information in this Dell EMC Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this advisory, contact Dell EMC Technical Support (https://support.emc.com/servicecenter/contactEMC/). Dell EMC recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. Dell EMC disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event, shall Dell EMC or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of bus iness profits or special damages, even if Dell EMC or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply. -----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

                           VMware Security Advisory

Advisory ID: VMSA-2018-0029

Severity: Critical

Synopsis: vSphere Data Protection (VDP) updates address

         multiple security issues.

Issue date: 2018-11-20

Updated on: 2018-11-20 (Initial Advisory)

CVE number: CVE-2018-11066, CVE-2018-11067, CVE-2018-11076, CVE-2018-11077

Summary

vSphere Data Protection (VDP) updates address

multiple security issues.

VDP is based on Dell EMC Avamar

Virtual Edition.

Problem Description

The Common Vulnerabilities and Exposures project (cve.mitre.org) has

assigned the identifier CVE-2018-11066 to this issue.

Column 5 of the following table lists the action required to

remediate the vulnerability in each release, if a solution is

available.

VMware Product Running Replace with/ Mitigation/

Product Version on Severity Apply Patch Workaround

========== ========= ======= ======== ================ ==========

VDP 6.1.x VA Critical 6.1.10 None

VDP 6.0.x VA Critical 6.0.9 None

b. Open redirection vulnerability.

VDP contains an open redirection vulnerability. The vulnerability could be used to

conduct phishing attacks that cause users to unknowingly visit malicious

sites.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has

assigned the identifier CVE-2018-11067 to this issue.

Column 5 of the following table lists the action required to

remediate the vulnerability in each release, if a solution is

available.

VMware Product Running Replace with/ Mitigation/

Product Version on Severity Apply Patch Workaround

========== ========= ======= ======== ================ ==========

VDP 6.1.x VA Important 6.1.10 None

VDP 6.0.x VA Important 6.0.9 None

c. Information exposure vulnerability.

VDP contains an information exposure vulnerability. VDP Java

management console's SSL/TLS private key may be leaked in the VDP

Java management client package. The private key could potentially be

used by an unauthenticated attacker on the same data-link layer to

initiate a MITM attack on management console users.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has

assigned the identifier CVE-2018-11076 to this issue.

Column 5 of the following table lists the action required to

remediate the vulnerability in each release, if a solution is

available.

VMware Product Running Replace with/ Mitigation/

Product Version on Severity Apply Patch Workaround

========== ========= ======= ======== ================ ==========

VDP 6.1.x VA Important 6.1.9 None

VDP 6.0.x VA Important 6.0.9 None

d. Command injection vulnerability.

The 'getlogs' troubleshooting utility in VDP contains an OS command

injection vulnerability.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has

assigned the identifier CVE-2018-11077 to this issue.

Column 5 of the following table lists the action required to

remediate the vulnerability in each release, if a solution is

available.

VMware Product Running Replace with/ Mitigation/

Product Version on Severity Apply Patch Workaround

========== ========= ======= ======== ================ ==========

VDP 6.1.x VA Moderate 6.1.10 None

VDP 6.0.x VA Moderate 6.0.9 None

Solution

Please review the patch/release notes for your product and version and

verify the checksum of your downloaded file.

vSphere Data Protection 6.1.10

Downloads and Documentation:

https://my.vmware.com/group/vmware/details?productId=491

&downloadGroup=VDP6110

https://www.vmware.com/support/pubs/vdr_pubs.html

vSphere Data Protection 6.0.9

Downloads and Documentation:

https://my.vmware.com/web/vmware/details?productId=491

&downloadGroup=VDP60_9

https://www.vmware.com/support/pubs/vdr_pubs.html

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11066

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11067

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11076

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11077

Change log

2018-11-20 VMSA-2018-0029

Initial security advisory in conjunction with the release of VMware

vSphere Data Protection 6.1.10 on 2018-11-20

Contact

E-mail list for product security notifications and announcements:

http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

 security-announce at lists.vmware.com

 bugtraq at securityfocus.com

 fulldisclosure at seclists.org

E-mail: security at vmware.com

PGP key at: https://kb.vmware.com/kb/1055

VMware Security Advisories

https://www.vmware.com/security/advisories

VMware Security Response Policy

https://www.vmware.com/support/policies/security_response.html

VMware Lifecycle Support Phases

https://www.vmware.com/support/policies/lifecycle.html

VMware Security & Compliance Blog

https://blogs.vmware.com/security

Twitter

https://twitter.com/VMwareSRC

-----BEGIN PGP SIGNATURE-----

Version: Encryption Desktop 10.4.1 (Build 490)

Charset: utf-8

wj8DBQFb9EH6DEcm8Vbi9kMRAm01AJ95gjr0/RR7uEkqUOpgt0tJadv8LgCfVk78

uNuYj2zthluNsnPjltdQNTQ=

=UYUq

-----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201811-0235",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "vsphere data protection",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "vmware",
        "version": "6.1.6"
      },
      {
        "model": "vsphere data protection",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "vmware",
        "version": "6.1.5"
      },
      {
        "model": "vsphere data protection",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "vmware",
        "version": "6.1.4"
      },
      {
        "model": "emc integrated data protection appliance",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "dell",
        "version": "2.0"
      },
      {
        "model": "emc integrated data protection appliance",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "dell",
        "version": "2.1"
      },
      {
        "model": "emc integrated data protection appliance",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "dell",
        "version": "2.2"
      },
      {
        "model": "vsphere data protection",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "vmware",
        "version": "6.1.8"
      },
      {
        "model": "vsphere data protection",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "vmware",
        "version": "6.1.1"
      },
      {
        "model": "vsphere data protection",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "vmware",
        "version": "6.1.3"
      },
      {
        "model": "vsphere data protection",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "vmware",
        "version": "6.1.7"
      },
      {
        "model": "vsphere data protection",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "vmware",
        "version": "6.1.9"
      },
      {
        "model": "vsphere data protection",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "vmware",
        "version": "6.1.0"
      },
      {
        "model": "vsphere data protection",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "vmware",
        "version": "6.1.2"
      },
      {
        "model": "vsphere data protection",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "vmware",
        "version": "6.0.7"
      },
      {
        "model": "vsphere data protection",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "vmware",
        "version": "6.0.6"
      },
      {
        "model": "vsphere data protection",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "vmware",
        "version": "6.0.5"
      },
      {
        "model": "emc avamar",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dell",
        "version": "7.2.1"
      },
      {
        "model": "emc avamar",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dell",
        "version": "7.2.0"
      },
      {
        "model": "emc avamar",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dell",
        "version": "7.4.0"
      },
      {
        "model": "emc avamar",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dell",
        "version": "7.3.0"
      },
      {
        "model": "emc avamar",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dell",
        "version": "7.5.1"
      },
      {
        "model": "vsphere data protection",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "vmware",
        "version": "6.0.2"
      },
      {
        "model": "vsphere data protection",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "vmware",
        "version": "6.0.1"
      },
      {
        "model": "emc avamar",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dell",
        "version": "7.4.1"
      },
      {
        "model": "vsphere data protection",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "vmware",
        "version": "6.0.4"
      },
      {
        "model": "emc avamar",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dell",
        "version": "7.3.1"
      },
      {
        "model": "emc avamar",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dell",
        "version": "7.5.0"
      },
      {
        "model": "vsphere data protection",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "vmware",
        "version": "6.0.3"
      },
      {
        "model": "vsphere data protection",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "vmware",
        "version": "6.0.0"
      },
      {
        "model": "emc avamar",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dell",
        "version": "18.1"
      },
      {
        "model": "vsphere data protection",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "vmware",
        "version": "6.0.8"
      },
      {
        "model": "vsphere data protection",
        "scope": null,
        "trust": 0.8,
        "vendor": "vmware",
        "version": null
      },
      {
        "model": "emc avamar",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "dell",
        "version": "server 18.1"
      },
      {
        "model": "emc avamar",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "dell",
        "version": "server 7.2.0"
      },
      {
        "model": "emc avamar",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "dell",
        "version": "server 7.2.1"
      },
      {
        "model": "emc avamar",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "dell",
        "version": "server 7.3.0"
      },
      {
        "model": "emc avamar",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "dell",
        "version": "server 7.3.1"
      },
      {
        "model": "emc avamar",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "dell",
        "version": "server 7.4.0"
      },
      {
        "model": "emc avamar",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "dell",
        "version": "server 7.4.1"
      },
      {
        "model": "emc avamar",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "dell",
        "version": "server 7.5.0"
      },
      {
        "model": "emc avamar",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "dell",
        "version": "server 7.5.1"
      },
      {
        "model": "vsphere data protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.1"
      },
      {
        "model": "vsphere data protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0"
      },
      {
        "model": "vsphere data protection",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.1.10"
      },
      {
        "model": "vsphere data protection",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.9"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "105968"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-012813"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11066"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-604"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:emc_avamar:7.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:emc_avamar:7.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:emc_avamar:18.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:emc_avamar:7.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:emc_avamar:7.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:emc_avamar:7.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:emc_avamar:7.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:emc_avamar:7.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:emc_avamar:7.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-11066"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "105968"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2018-11066",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 10.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2018-11066",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-120888",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2018-11066",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-11066",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201811-604",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-120888",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2018-11066",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-120888"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-11066"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-012813"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11066"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-604"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain a Remote Code Execution vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary commands on the server. VMware vSphere Data Protection is prone to a remote code-execution vulnerability. \nSuccessfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions. Dell EMC Avamar Server is a suite of fully virtualized backup and recovery software for servers. The following products and versions are affected: Dell EMC Avamar Server Version 7.2.0, Version 7.2.1, Version 7.3.0, Version 7.3.1, Version 7.4.0, Version 7.4.1, Version 7.5.0, Version 7.5.1 , Version 18.1; EMC IDPA Version 2.0, Version 2.1, Version 2.2. \n\nCredits:\n\nDell EMC would like to thank Jarrod Farncomb of TSS (https://www.dtss.com.au/) for reporting these vulnerabilities. \n\nSeverity Rating\nFor an explanation of Severity Ratings, refer to Dell EMC Knowledgebase article 468307 (https://support.emc.com/kb/468307). Dell EMC recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability. \n\nLegal Information\nRead and use the information in this Dell EMC Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this advisory, contact Dell EMC Technical Support (https://support.emc.com/servicecenter/contactEMC/). Dell EMC recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided \"as is\" without warranty of any kind. Dell EMC disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event, shall Dell EMC or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of bus\n iness profits or special damages, even if Dell EMC or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply. -----BEGIN PGP SIGNED MESSAGE-----\n\nHash: SHA1\n\n\n\n- - ------------------------------------------------------------------------\n\n\n\n                               VMware Security Advisory\n\n\n\nAdvisory ID: VMSA-2018-0029\n\nSeverity:    Critical\n\nSynopsis:    vSphere Data Protection (VDP) updates address\n\n             multiple security issues. \n\nIssue date:  2018-11-20\n\nUpdated on:  2018-11-20 (Initial Advisory)\n\nCVE number:  CVE-2018-11066, CVE-2018-11067, CVE-2018-11076, CVE-2018-11077\n\n\n\n\n\n1. Summary\n\n\n\n   vSphere Data Protection (VDP) updates address\n\n   multiple security issues. \n\n\n\n2. VDP is based on Dell EMC Avamar\n\n   Virtual Edition. \n\n\n\n3. Problem Description\n\n\n\n   a. \n\n\n\n   The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n\n   assigned the identifier CVE-2018-11066 to this issue. \n\n\n\n   Column 5 of the following table lists the action required to\n\n   remediate the vulnerability in each release, if a solution is\n\n   available. \n\n\n\n   VMware      Product    Running            Replace with/     Mitigation/\n\n   Product     Version    on       Severity  Apply Patch       Workaround\n\n   ==========  =========  =======  ========  ================  ==========\n\n   VDP         6.1.x      VA       Critical  6.1.10            None\n\n   VDP         6.0.x      VA       Critical  6.0.9             None\n\n\n\n\n\n   b. Open redirection vulnerability. \n\n\n\n   VDP contains an open redirection vulnerability. The vulnerability could be used to\n\n   conduct phishing attacks that cause users to unknowingly visit malicious\n\n   sites. \n\n\n\n   The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n\n   assigned the identifier CVE-2018-11067 to this issue. \n\n\n\n   Column 5 of the following table lists the action required to\n\n   remediate the vulnerability in each release, if a solution is\n\n   available. \n\n\n\n   VMware      Product    Running            Replace with/     Mitigation/\n\n   Product     Version    on       Severity  Apply Patch       Workaround\n\n   ==========  =========  =======  ========  ================  ==========\n\n   VDP         6.1.x      VA       Important 6.1.10             None\n\n   VDP         6.0.x      VA       Important 6.0.9              None\n\n\n\n\n\n   c. Information exposure vulnerability. \n\n\n\n   VDP contains an information exposure vulnerability. VDP Java\n\n   management console\u0027s SSL/TLS private key may be leaked in the VDP\n\n   Java management client package. The private key could potentially be\n\n   used by an unauthenticated attacker on the same data-link layer to\n\n   initiate a MITM attack on management console users. \n\n\n\n   The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n\n   assigned the identifier CVE-2018-11076 to this issue. \n\n\n\n   Column 5 of the following table lists the action required to\n\n   remediate the vulnerability in each release, if a solution is\n\n   available. \n\n\n\n   VMware      Product    Running            Replace with/     Mitigation/\n\n   Product     Version    on       Severity  Apply Patch       Workaround\n\n   ==========  =========  =======  ========  ================  ==========\n\n   VDP         6.1.x      VA       Important 6.1.9             None\n\n   VDP         6.0.x      VA       Important 6.0.9             None\n\n\n\n\n\n   d. Command injection vulnerability. \n\n\n\n   The \u0027getlogs\u0027 troubleshooting utility in VDP contains an OS command\n\n   injection vulnerability. \n\n\n\n   The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n\n   assigned the identifier CVE-2018-11077 to this issue. \n\n\n\n   Column 5 of the following table lists the action required to\n\n   remediate the vulnerability in each release, if a solution is\n\n   available. \n\n\n\n   VMware      Product    Running            Replace with/     Mitigation/\n\n   Product     Version    on       Severity  Apply Patch       Workaround\n\n   ==========  =========  =======  ========  ================  ==========\n\n   VDP         6.1.x      VA       Moderate  6.1.10            None\n\n   VDP         6.0.x      VA       Moderate  6.0.9             None\n\n\n\n4. Solution\n\n\n\n   Please review the patch/release notes for your product and version and\n\n   verify the checksum of your downloaded file. \n\n\n\n   vSphere Data Protection 6.1.10\n\n   Downloads and Documentation:\n\n   https://my.vmware.com/group/vmware/details?productId=491\n\n   \u0026downloadGroup=VDP6110\n\n   https://www.vmware.com/support/pubs/vdr_pubs.html\n\n\n\n   vSphere Data Protection 6.0.9\n\n   Downloads and Documentation:\n\n   https://my.vmware.com/web/vmware/details?productId=491\n\n   \u0026downloadGroup=VDP60_9\n\n   https://www.vmware.com/support/pubs/vdr_pubs.html\n\n\n\n\n\n5. References\n\n\n\n   https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11066\n\n   https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11067\n\n   https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11076\n\n   https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11077\n\n- - -------------------------------------------------------------------------\n\n\n\n6. Change log\n\n\n\n   2018-11-20 VMSA-2018-0029\n\n   Initial security advisory in conjunction with the release of VMware\n\n   vSphere Data Protection 6.1.10 on 2018-11-20\n\n\n\n- - -------------------------------------------------------------------------\n\n7. Contact\n\n\n\n   E-mail list for product security notifications and announcements:\n\n   http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\n\n\n   This Security Advisory is posted to the following lists:\n\n\n\n     security-announce at lists.vmware.com\n\n     bugtraq at securityfocus.com\n\n     fulldisclosure at seclists.org\n\n\n\n   E-mail: security at vmware.com\n\n   PGP key at: https://kb.vmware.com/kb/1055\n\n\n\n   VMware Security Advisories\n\n   https://www.vmware.com/security/advisories\n\n\n\n   VMware Security Response Policy\n\n   https://www.vmware.com/support/policies/security_response.html\n\n\n\n   VMware Lifecycle Support Phases\n\n   https://www.vmware.com/support/policies/lifecycle.html\n\n\n\n   VMware Security \u0026 Compliance Blog\n\n   https://blogs.vmware.com/security\n\n\n\n   Twitter\n\n   https://twitter.com/VMwareSRC\n\n\n\n   Copyright 2018 VMware Inc.  All rights reserved. \n\n\n\n-----BEGIN PGP SIGNATURE-----\n\nVersion: Encryption Desktop 10.4.1 (Build 490)\n\nCharset: utf-8\n\n\n\nwj8DBQFb9EH6DEcm8Vbi9kMRAm01AJ95gjr0/RR7uEkqUOpgt0tJadv8LgCfVk78\n\nuNuYj2zthluNsnPjltdQNTQ=\n\n=UYUq\n\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-11066"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-012813"
      },
      {
        "db": "BID",
        "id": "105968"
      },
      {
        "db": "VULHUB",
        "id": "VHN-120888"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-11066"
      },
      {
        "db": "PACKETSTORM",
        "id": "150417"
      },
      {
        "db": "PACKETSTORM",
        "id": "150414"
      }
    ],
    "trust": 2.25
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-120888",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-120888"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-11066",
        "trust": 3.1
      },
      {
        "db": "BID",
        "id": "105968",
        "trust": 2.1
      },
      {
        "db": "SECTRACK",
        "id": "1042153",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-012813",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-604",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "150414",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "150417",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-120888",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-11066",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-120888"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-11066"
      },
      {
        "db": "BID",
        "id": "105968"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-012813"
      },
      {
        "db": "PACKETSTORM",
        "id": "150417"
      },
      {
        "db": "PACKETSTORM",
        "id": "150414"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11066"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-604"
      }
    ]
  },
  "id": "VAR-201811-0235",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-120888"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:13:38.409000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Avamar",
        "trust": 0.8,
        "url": "https://www.dellemc.com/en-us/data-protection/avamar.htm#accordion0"
      },
      {
        "title": "VMSA-2018-0029",
        "trust": 0.8,
        "url": "https://www.vmware.com/security/advisories/vmsa-2018-0029.html"
      },
      {
        "title": "Dell EMC Avamar Server  and EMC Integrated Data Protection Appliance Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=86949"
      },
      {
        "title": "VMware Security Advisories: vSphere Data Protection (VDP) updates address multiple security issues.",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories\u0026qid=e4719ae78ad0535550b7b4c0f2e3d03e"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2018-11066"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-012813"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-604"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-77",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-012813"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11066"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.7,
        "url": "https://seclists.org/fulldisclosure/2018/nov/49"
      },
      {
        "trust": 2.2,
        "url": "https://www.vmware.com/security/advisories/vmsa-2018-0029.html"
      },
      {
        "trust": 1.9,
        "url": "http://www.securityfocus.com/bid/105968"
      },
      {
        "trust": 1.8,
        "url": "http://www.securitytracker.com/id/1042153"
      },
      {
        "trust": 1.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-11066"
      },
      {
        "trust": 0.9,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11066"
      },
      {
        "trust": 0.3,
        "url": "http://www.vmware.com"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-11067"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://support.emc.com/servicecenter/contactemc/)."
      },
      {
        "trust": 0.1,
        "url": "https://www.dtss.com.au/)"
      },
      {
        "trust": 0.1,
        "url": "https://support.emc.com/kb/468307)."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-11077"
      },
      {
        "trust": 0.1,
        "url": "https://twitter.com/vmwaresrc"
      },
      {
        "trust": 0.1,
        "url": "https://www.vmware.com/support/policies/lifecycle.html"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11077"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11067"
      },
      {
        "trust": 0.1,
        "url": "https://www.vmware.com/support/pubs/vdr_pubs.html"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11076"
      },
      {
        "trust": 0.1,
        "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
      },
      {
        "trust": 0.1,
        "url": "https://www.vmware.com/support/policies/security_response.html"
      },
      {
        "trust": 0.1,
        "url": "https://my.vmware.com/group/vmware/details?productid=491"
      },
      {
        "trust": 0.1,
        "url": "https://blogs.vmware.com/security"
      },
      {
        "trust": 0.1,
        "url": "https://kb.vmware.com/kb/1055"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-11076"
      },
      {
        "trust": 0.1,
        "url": "https://www.vmware.com/security/advisories"
      },
      {
        "trust": 0.1,
        "url": "https://my.vmware.com/web/vmware/details?productid=491"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-120888"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-11066"
      },
      {
        "db": "BID",
        "id": "105968"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-012813"
      },
      {
        "db": "PACKETSTORM",
        "id": "150417"
      },
      {
        "db": "PACKETSTORM",
        "id": "150414"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11066"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-604"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-120888"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-11066"
      },
      {
        "db": "BID",
        "id": "105968"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-012813"
      },
      {
        "db": "PACKETSTORM",
        "id": "150417"
      },
      {
        "db": "PACKETSTORM",
        "id": "150414"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11066"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-604"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-11-26T00:00:00",
        "db": "VULHUB",
        "id": "VHN-120888"
      },
      {
        "date": "2018-11-26T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-11066"
      },
      {
        "date": "2018-11-20T00:00:00",
        "db": "BID",
        "id": "105968"
      },
      {
        "date": "2019-02-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-012813"
      },
      {
        "date": "2018-11-21T02:06:19",
        "db": "PACKETSTORM",
        "id": "150417"
      },
      {
        "date": "2018-11-20T18:18:00",
        "db": "PACKETSTORM",
        "id": "150414"
      },
      {
        "date": "2018-11-26T20:29:00.247000",
        "db": "NVD",
        "id": "CVE-2018-11066"
      },
      {
        "date": "2018-11-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201811-604"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-120888"
      },
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-11066"
      },
      {
        "date": "2018-11-20T00:00:00",
        "db": "BID",
        "id": "105968"
      },
      {
        "date": "2019-02-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-012813"
      },
      {
        "date": "2019-10-03T00:03:26.223000",
        "db": "NVD",
        "id": "CVE-2018-11066"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201811-604"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "150417"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-604"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dell EMC Avamar Server and  EMC Integrated Data Protection Appliance Command injection vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-012813"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-604"
      }
    ],
    "trust": 0.6
  }
}

GHSA-M593-G9CM-C9FM

Vulnerability from github – Published: 2022-05-13 01:49 – Updated: 2022-05-13 01:49

Details

Severity ?

9.8 (Critical)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-11066"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-11-26T20:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain a Remote Code Execution vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary commands on the server.",
  "id": "GHSA-m593-g9cm-c9fm",
  "modified": "2022-05-13T01:49:01Z",
  "published": "2022-05-13T01:49:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11066"
    },
    {
      "type": "WEB",
      "url": "https://seclists.org/fulldisclosure/2018/Nov/49"
    },
    {
      "type": "WEB",
      "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/105968"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1042153"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CNVD-2018-23618

Vulnerability from cnvd - Published: 2018-11-21

Title

Dell EMC Avamar远程代码执行漏洞

Description

Dell EMC Avamar是一套用于服务器的完全虚拟化的备份和恢复软件。 Dell EMC Avamar存在远程代码执行漏洞。远程未经身份验证的攻击者可能利用此漏洞在服务器上执行任意命令。

Severity

高

Patch Name

Dell EMC Avamar远程代码执行漏洞的补丁

Patch Description

Dell EMC Avamar是一套用于服务器的完全虚拟化的备份和恢复软件。 Dell EMC Avamar存在远程代码执行漏洞。远程未经身份验证的攻击者可能利用此漏洞在服务器上执行任意命令。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下供应商提供的安全公告获得补丁信息： https://seclists.org/fulldisclosure/2018/Nov/49

Reference

https://seclists.org/fulldisclosure/2018/Nov/49

Impacted products

Name
['Dell EMC Avamar Server 7.3.1', 'Dell EMC Avamar Server 7.4.1', 'Dell EMC Avamar Server 7.5.0', 'Dell EMC Avamar Server 7.2.0', 'Dell EMC Avamar Server 7.2.1', 'Dell EMC Avamar Server 7.3.0', 'Dell EMC Avamar Server 7.4.0', 'Dell EMC Avamar Server 7.5.1', 'Dell EMC Avamar Server 18.1']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-11066"
    }
  },
  "description": "Dell EMC Avamar\u662f\u4e00\u5957\u7528\u4e8e\u670d\u52a1\u5668\u7684\u5b8c\u5168\u865a\u62df\u5316\u7684\u5907\u4efd\u548c\u6062\u590d\u8f6f\u4ef6\u3002\n\nDell EMC Avamar\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u653b\u51fb\u8005\u53ef\u80fd\u5229\u7528\u6b64\u6f0f\u6d1e\u5728\u670d\u52a1\u5668\u4e0a\u6267\u884c\u4efb\u610f\u547d\u4ee4\u3002",
  "discovererName": "Jarrod Farncomb",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://seclists.org/fulldisclosure/2018/Nov/49",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-23618",
  "openTime": "2018-11-21",
  "patchDescription": "Dell EMC Avamar\u662f\u4e00\u5957\u7528\u4e8e\u670d\u52a1\u5668\u7684\u5b8c\u5168\u865a\u62df\u5316\u7684\u5907\u4efd\u548c\u6062\u590d\u8f6f\u4ef6\u3002\r\n\r\nDell EMC Avamar\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u653b\u51fb\u8005\u53ef\u80fd\u5229\u7528\u6b64\u6f0f\u6d1e\u5728\u670d\u52a1\u5668\u4e0a\u6267\u884c\u4efb\u610f\u547d\u4ee4\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Dell EMC Avamar\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Dell EMC Avamar Server 7.3.1",
      "Dell EMC Avamar Server 7.4.1",
      "Dell EMC Avamar Server 7.5.0",
      "Dell EMC Avamar Server 7.2.0",
      "Dell EMC Avamar Server 7.2.1",
      "Dell EMC Avamar Server 7.3.0",
      "Dell EMC Avamar Server 7.4.0",
      "Dell EMC Avamar Server 7.5.1",
      "Dell EMC Avamar Server 18.1"
    ]
  },
  "referenceLink": "https://seclists.org/fulldisclosure/2018/Nov/49",
  "serverity": "\u9ad8",
  "submitTime": "2018-11-21",
  "title": "Dell EMC Avamar\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

GSD-2018-11066

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-11066

Aliases

CVE-2018-11066

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-11066",
    "description": "Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain a Remote Code Execution vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary commands on the server.",
    "id": "GSD-2018-11066"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-11066"
      ],
      "details": "Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain a Remote Code Execution vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary commands on the server.",
      "id": "GSD-2018-11066",
      "modified": "2023-12-13T01:22:42.217234Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security_alert@emc.com",
        "DATE_PUBLIC": "2018-11-20T05:00:00.000Z",
        "ID": "CVE-2018-11066",
        "STATE": "PUBLIC",
        "TITLE": "Dell EMC Avamar and Integrated Data Protection Appliance Remote Code Execution Vulnerability"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Avamar",
                    "version": {
                      "version_data": [
                        {
                          "affected": "=",
                          "version_value": "7.2.0"
                        },
                        {
                          "affected": "=",
                          "version_value": "7.2.1"
                        },
                        {
                          "affected": "=",
                          "version_value": "7.3.0"
                        },
                        {
                          "affected": "=",
                          "version_value": "7.3.1"
                        },
                        {
                          "affected": "=",
                          "version_value": "7.4.0"
                        },
                        {
                          "affected": "=",
                          "version_value": "7.4.1"
                        },
                        {
                          "version_value": "7.5.0"
                        },
                        {
                          "version_value": "7.5.1"
                        },
                        {
                          "version_value": "18.1"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Integrated Data Protection Appliance ",
                    "version": {
                      "version_data": [
                        {
                          "affected": "=",
                          "version_value": "2.0"
                        },
                        {
                          "affected": "=",
                          "version_value": "2.1"
                        },
                        {
                          "affected": "=",
                          "version_value": "2.2"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Dell EMC"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain a Remote Code Execution vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary commands on the server."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Remote Code Execution Vulnerability"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "105968",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/105968"
          },
          {
            "name": "20181120 DSA-2018-145: Dell EMC Avamar Multiple Vulnerabilities",
            "refsource": "FULLDISC",
            "url": "https://seclists.org/fulldisclosure/2018/Nov/49"
          },
          {
            "name": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html",
            "refsource": "CONFIRM",
            "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
          },
          {
            "name": "1042153",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1042153"
          }
        ]
      },
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:emc_avamar:7.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:emc_avamar:7.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:emc_avamar:18.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:emc_avamar:7.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:emc_avamar:7.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:emc_avamar:7.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:emc_avamar:7.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:emc_avamar:7.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:emc_avamar:7.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@dell.com",
          "ID": "CVE-2018-11066"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain a Remote Code Execution vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary commands on the server."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20181120 DSA-2018-145: Dell EMC Avamar Multiple Vulnerabilities",
              "refsource": "FULLDISC",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://seclists.org/fulldisclosure/2018/Nov/49"
            },
            {
              "name": "1042153",
              "refsource": "SECTRACK",
              "tags": [
                "VDB Entry",
                "Third Party Advisory"
              ],
              "url": "http://www.securitytracker.com/id/1042153"
            },
            {
              "name": "105968",
              "refsource": "BID",
              "tags": [
                "VDB Entry",
                "Third Party Advisory"
              ],
              "url": "http://www.securityfocus.com/bid/105968"
            },
            {
              "name": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-10-03T00:03Z",
      "publishedDate": "2018-11-26T20:29Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-11066 (GCVE-0-2018-11066)

CERTFR-2018-AVI-565

Solution

CERTFR-2018-AVI-565

Solution

FKIE_CVE-2018-11066

VAR-201811-0235

GHSA-M593-G9CM-C9FM

CNVD-2018-23618

GSD-2018-11066

Tags

Sightings

Nomenclature