CVE-2018-11077

{"id": "CVE-2018-11077", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.8}]}, "published": "2018-11-26T20:29:00.420", "references": [{"url": "http://www.securityfocus.com/bid/105971", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security_alert@emc.com"}, {"url": "http://www.securitytracker.com/id/1042153", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security_alert@emc.com"}, {"url": "https://seclists.org/fulldisclosure/2018/Nov/51", "tags": ["Mailing List", "Third Party Advisory"], "source": "security_alert@emc.com"}, {"url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html", "tags": ["Patch", "Third Party Advisory"], "source": "security_alert@emc.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially be able to execute arbitrary commands under root privilege."}, {"lang": "es", "value": "La utilidad \"getlogs\" en las versiones 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 y 18.1 de Dell EMC Avamar Server y las 2.0, 2.1 y 2.2 de Dell EMC Integrated Data Protection Appliance (IDPA) se ven afectadas por una vulnerabilidad de inyecci\u00f3n de comandos en el sistema operativo. Un usuario \"Avamar admin\" malicioso podr\u00eda ejecutar comandos arbitrarios bajo el privilegio root."}], "lastModified": "2018-12-31T21:26:58.693", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dell:emc_avamar:7.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D9FD281-DB86-4D2D-BC19-CE2453709121"}, {"criteria": "cpe:2.3:a:dell:emc_avamar:7.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AA20E0E8-6812-4416-93AA-E59B693FCFC6"}, {"criteria": "cpe:2.3:a:dell:emc_avamar:7.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "066595A8-C9EC-4ED3-AE76-A778F226B61E"}, {"criteria": "cpe:2.3:a:dell:emc_avamar:7.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DBA338A4-140B-4C5E-9D58-C17163EBE629"}, {"criteria": "cpe:2.3:a:dell:emc_avamar:7.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "490F94D4-CD84-418F-BCF3-A5FF2F98BEAA"}, {"criteria": "cpe:2.3:a:dell:emc_avamar:7.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "81FAAFDD-6A1B-44DE-92CB-B60D24397FED"}, {"criteria": "cpe:2.3:a:dell:emc_avamar:7.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8EA6C66A-CD8D-4829-891D-64FF533F3780"}, {"criteria": "cpe:2.3:a:dell:emc_avamar:7.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B634FEE-123C-413B-8D06-7D9E4AE0995B"}, {"criteria": "cpe:2.3:a:dell:emc_avamar:18.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9022A46B-7D49-492A-8DC4-CBA9C2001497"}, {"criteria": "cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C4D195D-C047-42E9-9885-0464642EC6EC"}, {"criteria": "cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "76D6282D-ABA7-4972-8E13-2A625F13CF53"}, {"criteria": "cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "06E2AD30-A9F5-453C-BC38-2A35DD39FA85"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FBA48F5F-3B72-427E-9C9A-E5C3EC03A5F8"}, {"criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5AF32F55-AE25-4F52-B043-1C2623344F1A"}, {"criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8FEBFF6-CEF2-4A8E-BA29-3F383D6DF436"}, {"criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BEC123DA-FBC3-4075-B4C0-A5295A6965A1"}, {"criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D8E9053-F846-48A5-93D7-35D0665D4038"}, {"criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "561D7F05-3074-44E8-A9C9-11CF1B8FFF49"}, {"criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF81991D-6B69-4849-86B3-3A35CCB4B4E5"}, {"criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F9DE2E06-EAF2-401B-A775-44EF23D17691"}, {"criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "12DE5F53-7FEC-4EF0-9841-C8493AE25E0B"}, {"criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D7E39A9-BE37-4848-BAD2-7F97D04F0D7C"}, {"criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7A908399-8C17-46B6-B554-77F588C2BF42"}, {"criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FC8AFC55-915D-46AC-80DA-E100F4CFFD64"}, {"criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E2B9A334-69EB-4E88-A446-18A1B0C669B2"}, {"criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D94A218-4CA0-46EA-BA44-24E90037222D"}, {"criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AC527586-5680-4626-95D4-28EF84439DDA"}, {"criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1476A3A-9BD3-4DF5-8290-CC32AFFA122C"}, {"criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F946694-A52E-46C9-A4C7-663B5EE01138"}, {"criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D006B093-4DEB-4911-995C-744B3189D46D"}, {"criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "664DCBF4-0C41-4B68-B983-4E16933BA269"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}