CVE-2018-11077 in Dell and VMware Products
Published on November 26, 2018
Dell EMC Avamar and Integrated Data Protection Appliance Command Injection Vulnerability
'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially be able to execute arbitrary commands under root privilege.
Products Associated with CVE-2018-11077
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2018-11077 are published in these products:
Affected Versions
Dell EMC Avamar:- Version 7.2.0 is affected.
- Version 7.2.1 is affected.
- Version 7.3.0 is affected.
- Version 7.3.1 is affected.
- Version 7.4.0 is affected.
- Version 7.4.1 is affected.
- Version 7.5.0 is affected.
- Version 7.5.1 is affected.
- Version 18.1 is affected.
- Version 2.0 is affected.
- Version 2.1 is affected.
- Version 2.2 is affected.
Exploit Probability
EPSS
0.37%
Percentile
58.19%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.