CVE-2020-5341

CRITICAL

Dell EMC Avamar Server 7.4.1-19.2 & Integrated Data Protection Appliance 2.0-2.4.1 - RCE via Deserialization

Title source: llm

Description

Deserialization of Untrusted Data Vulnerability Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2, 19.1 and 19.2 and Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 and 2.4.1 contain a Deserialization of Untrusted Data Vulnerability. A remote unauthenticated attacker could exploit this vulnerability to send a serialized payload that would execute code on the system.

References (1)

Core 1

Core References

Patch, Vendor Advisory x_refsource_misc

https://www.dell.com/support/security/en-us/details/541677/DSA-2020-057-Dell-EMC-Avamar-Server-Deserialization-of-Untrusted-Data-Vulnerability

Scores

CVSS v3 9.8

EPSS 0.1271

EPSS Percentile 94.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-502

Status published

Products (13)

dell/emc_avamar_server 7.4.1

dell/emc_avamar_server 7.5.0

dell/emc_avamar_server 7.5.1

dell/emc_avamar_server 18.1

dell/emc_avamar_server 18.2

dell/emc_avamar_server 19.1

dell/emc_avamar_server 19.2

dell/emc_integrated_data_protection_appliance_firmware 2.0

dell/emc_integrated_data_protection_appliance_firmware 2.1

dell/emc_integrated_data_protection_appliance_firmware 2.2

... and 3 more

Published Jul 28, 2021

Tracked Since Feb 18, 2026