CVE-2017-15548

An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote unauthenticated malicious user can potentially bypass application authentication and gain unauthorized root access to the affected systems.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
dellCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 36%
VendorProductVersion
emcavamar_server
7.1-21:sp2
emcavamar_server
7.1-145:sp1
emcavamar_server
7.1-302
emcavamar_server
7.1-370
emcavamar_server
7.2-32:sp1
emcavamar_server
7.2-309
emcavamar_server
7.2-401
emcavamar_server
7.3-125:sp1
emcavamar_server
7.3-211
emcavamar_server
7.3-226
emcavamar_server
7.3-233
emcavamar_server
7.4-58:sp1
emcavamar_server
7.4-242
emcavamar_server
7.5-183
emcintegrated_data_protection_appliance
2.0
emcnetworker
9.0
emcnetworker
9.1
emcnetworker
9.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://seclists.org/fulldisclosure/2018/Jan/17
http://www.securityfocus.com/bid/102352
http://www.securitytracker.com/id/1040070
http://seclists.org/fulldisclosure/2018/Jan/17
http://www.securityfocus.com/bid/102352
http://www.securitytracker.com/id/1040070