CVE-2018-11066
CRITICALDell EMC Avamar Server 7.2.0-18.1 and IDPA 2.0-2.2 - Unauthenticated Remote Code Execution
Title source: llmDescription
Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain a Remote Code Execution vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary commands on the server.
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/105968
Mailing List, Third Party Advisory mailing-list
x_refsource_fulldisc
https://seclists.org/fulldisclosure/2018/Nov/49
Patch, Third Party Advisory x_refsource_confirm
https://www.vmware.com/security/advisories/VMSA-2018-0029.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1042153
Scores
CVSS v3
9.8
EPSS
0.4095
EPSS Percentile
97.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
Status
published
Products (31)
dell/emc_avamar
7.2.0
dell/emc_avamar
7.2.1
dell/emc_avamar
7.3.0
dell/emc_avamar
7.3.1
dell/emc_avamar
7.4.0
dell/emc_avamar
7.4.1
dell/emc_avamar
7.5.0
dell/emc_avamar
7.5.1
dell/emc_avamar
18.1
dell/emc_integrated_data_protection_appliance
2.0
... and 21 more
Published
Nov 26, 2018
Tracked Since
Feb 18, 2026