CVE-2017-4990

In EMC Avamar Server Software 7.4.1-58, 7.4.0-242, 7.3.1-125, 7.3.0-233, 7.3.0-226, an unauthorized attacker may leverage the file upload feature of the system maintenance page to load a maliciously crafted file to any directory which could allow the attacker to execute arbitrary code on the Avamar Server system.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
dellCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 83%
VendorProductVersion
emcavamar_server
7.3.0-226
emcavamar_server
7.3.0-233
emcavamar_server
7.3.1-125
emcavamar_server
7.4.0-242
emcavamar_server
7.4.1-58
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/archive/1/540754/30/0/threaded
http://www.securityfocus.com/bid/99243
http://www.securitytracker.com/id/1038718
http://www.securityfocus.com/archive/1/540754/30/0/threaded
http://www.securityfocus.com/bid/99243
http://www.securitytracker.com/id/1038718