CVE-2017-4990

EUVD-2017-14103
In EMC Avamar Server Software 7.4.1-58, 7.4.0-242, 7.3.1-125, 7.3.0-233, 7.3.0-226, an unauthorized attacker may leverage the file upload feature of the system maintenance page to load a maliciously crafted file to any directory which could allow the attacker to execute arbitrary code on the Avamar Server system.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 81%
Affected Products (NVD)
VendorProductVersion
emcavamar_server
7.3.0-226
emcavamar_server
7.3.0-233
emcavamar_server
7.3.1-125
emcavamar_server
7.4.0-242
emcavamar_server
7.4.1-58
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/archive/1/540754/30/0/threaded
http://www.securityfocus.com/bid/99243
http://www.securitytracker.com/id/1038718
http://www.securityfocus.com/archive/1/540754/30/0/threaded
http://www.securityfocus.com/bid/99243
http://www.securitytracker.com/id/1038718