Description
In EMC Avamar Server Software 7.4.1-58, 7.4.0-242, 7.3.1-125, 7.3.0-233, 7.3.0-226, an unauthorized attacker may leverage the file upload feature of the system maintenance page to load a maliciously crafted file to any directory which could allow the attacker to execute arbitrary code on the Avamar Server system.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry x_refsource_confirm
http://www.securityfocus.com/archive/1/540754/30/0/threaded
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/99243
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1038718
Scores
CVSS v3
9.8
EPSS
0.0168
EPSS Percentile
82.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-434
Status
published
Products (6)
emc/avamar_server
7.3.0-226
emc/avamar_server
7.3.0-233
emc/avamar_server
7.3.1-125
emc/avamar_server
7.4.0-242
emc/avamar_server
7.4.1-58
n/a/EMC Avamar Server Software 7.4.1-58, 7.4.0-242, 7.3.1-125, 7.3.0-233, 7.3.0-226
EMC Avamar Server Software 7.4.1-58, 7.4.0-242, 7.3.1-125, 7.3.0-233, 7.3.0-226
Published
Jun 21, 2017
Tracked Since
Feb 18, 2026