CVE-2017-4989

CRITICAL

EMC Avamar Server Software <7.3.1-125 - Auth Bypass

Title source: llm

Description

In EMC Avamar Server Software 7.3.1-125, 7.3.0-233, 7.3.0-226, 7.2.1-32, 7.2.1-31, 7.2.0-401, an unauthenticated remote attacker may potentially bypass the authentication process to gain access to the system maintenance page. This may be exploited by an attacker to view sensitive information, perform software updates, or run maintenance workflows.

References (3)

Core References
Third Party Advisory, VDB Entry x_refsource_confirm
http://www.securityfocus.com/archive/1/540754/30/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/99243
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1038718

Scores

CVSS v3 9.8
EPSS 0.0297
EPSS Percentile 86.7%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-287
Status published
Products (7)
emc/avamar_server 7.2.0-401
emc/avamar_server 7.2.1-31
emc/avamar_server 7.2.1-32
emc/avamar_server 7.3.0-226
emc/avamar_server 7.3.0-233
emc/avamar_server 7.3.1-125
n/a/EMC Avamar Server Software 7.3.1-125, 7.3.0-233, 7.3.0-226, 7.2.1-32, 7.2.1-31, 7.2.0-401
Published Jun 21, 2017
Tracked Since Feb 18, 2026