Vulnerability-Lookup

CVE-2018-11076 (GCVE-0-2018-11076)

Vulnerability from cvelistv5 – Published: 2018-11-26 20:00 – Updated: 2024-09-16 20:32

Title

Dell EMC Avamar and Integrated Data Protection Appliance Information Exposure Vulnerability

Summary

Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Avamar Java management console's SSL/TLS private key may be leaked in the Avamar Java management client package. The private key could potentially be used by an unauthenticated attacker on the same data-link layer to initiate a MITM attack on management console users.

Severity ?

No CVSS data available.

CWE

Remote Code Execution Vulnerability

Assigner

dell

References

URL

GHSA-R38W-PM6X-HP8R

Vulnerability from github – Published: 2022-05-13 01:18 – Updated: 2022-05-13 01:18

Details

Severity ?

6.5 (Medium)


                  
                    CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-11076"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-11-26T20:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Avamar Java management console\u0027s SSL/TLS private key may be leaked in the Avamar Java management client package. The private key could potentially be used by an unauthenticated attacker on the same data-link layer to initiate a MITM attack on management console users.",
  "id": "GHSA-r38w-pm6x-hp8r",
  "modified": "2022-05-13T01:18:52Z",
  "published": "2022-05-13T01:18:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11076"
    },
    {
      "type": "WEB",
      "url": "https://seclists.org/fulldisclosure/2018/Nov/50"
    },
    {
      "type": "WEB",
      "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/105972"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1042153"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

CNVD-2018-23620

Vulnerability from cnvd - Published: 2018-11-21

Title

Dell EMC Avamar and Integrated Data Protection Appliance信息泄露漏洞

Description

Dell EMC Avamar Server和EMC Integrated Data Protection Appliance都是美国戴尔（Dell）公司的产品。Dell EMC Avamar Server是一套用于服务器的完全虚拟化的备份和恢复软件。EMC Integrated Data Protection Appliance是一套基于磁盘的备份和恢复解决方案。 Dell EMC Avamar and Integrated Data Protection Appliance存在信息泄露漏洞。攻击者可利用漏洞获取敏感信息。

Severity

中

Patch Name

Dell EMC Avamar and Integrated Data Protection Appliance信息泄露漏洞的补丁

Patch Description

Formal description

用户可参考如下供应商提供的安全公告获得补丁信息： https://seclists.org/fulldisclosure/2018/Nov/50

Reference

https://seclists.org/fulldisclosure/2018/Nov/50

Impacted products

Name
['Dell EMC Avamar Server 7.3.1', 'Dell EMC Avamar Server 7.4.1', 'Dell EMC Avamar Server 7.5.0', 'Dell EMC Integrated Data Protection Appliance 2.0', 'Dell EMC Avamar Server 7.2.0', 'Dell EMC Avamar Server 7.2.1', 'Dell EMC Avamar Server 7.3.0', 'Dell EMC Avamar Server 7.4.0', 'Dell EMC Avamar Server 7.5.1', 'Dell EMC Avamar Server 18.1']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-11076"
    }
  },
  "description": "Dell EMC Avamar Server\u548cEMC Integrated Data Protection Appliance\u90fd\u662f\u7f8e\u56fd\u6234\u5c14\uff08Dell\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Dell EMC Avamar Server\u662f\u4e00\u5957\u7528\u4e8e\u670d\u52a1\u5668\u7684\u5b8c\u5168\u865a\u62df\u5316\u7684\u5907\u4efd\u548c\u6062\u590d\u8f6f\u4ef6\u3002EMC Integrated Data Protection Appliance\u662f\u4e00\u5957\u57fa\u4e8e\u78c1\u76d8\u7684\u5907\u4efd\u548c\u6062\u590d\u89e3\u51b3\u65b9\u6848\u3002\n\nDell EMC Avamar and Integrated Data Protection Appliance\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002",
  "discovererName": "TSS",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://seclists.org/fulldisclosure/2018/Nov/50",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-23620",
  "openTime": "2018-11-21",
  "patchDescription": "Dell EMC Avamar Server\u548cEMC Integrated Data Protection Appliance\u90fd\u662f\u7f8e\u56fd\u6234\u5c14\uff08Dell\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Dell EMC Avamar Server\u662f\u4e00\u5957\u7528\u4e8e\u670d\u52a1\u5668\u7684\u5b8c\u5168\u865a\u62df\u5316\u7684\u5907\u4efd\u548c\u6062\u590d\u8f6f\u4ef6\u3002EMC Integrated Data Protection Appliance\u662f\u4e00\u5957\u57fa\u4e8e\u78c1\u76d8\u7684\u5907\u4efd\u548c\u6062\u590d\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nDell EMC Avamar and Integrated Data Protection Appliance\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Dell EMC Avamar and Integrated Data Protection Appliance\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Dell EMC Avamar Server 7.3.1",
      "Dell EMC Avamar Server 7.4.1",
      "Dell EMC Avamar Server 7.5.0",
      "Dell EMC Integrated Data Protection Appliance 2.0",
      "Dell EMC Avamar Server 7.2.0",
      "Dell EMC Avamar Server 7.2.1",
      "Dell EMC Avamar Server 7.3.0",
      "Dell EMC Avamar Server 7.4.0",
      "Dell EMC Avamar Server 7.5.1",
      "Dell EMC Avamar Server 18.1"
    ]
  },
  "referenceLink": "https://seclists.org/fulldisclosure/2018/Nov/50",
  "serverity": "\u4e2d",
  "submitTime": "2018-11-21",
  "title": "Dell EMC Avamar and Integrated Data Protection Appliance\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

CERTFR-2018-AVI-565

Vulnerability from certfr_avis - Published: 2018-11-21 - Updated: 2018-11-21

De multiples vulnérabilités ont été découvertes dans VMware vSphere Data Protection. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	VMware	N/A	vSphere Data Protection (VDP) versions 6.0.x antérieures à 6.0.9
	VMware	N/A	vSphere Data Protection (VDP) versions 6.1.x antérieures à 6.1.10

References

Title

Publication Time

FKIE_CVE-2018-11076

Vulnerability from fkie_nvd - Published: 2018-11-26 20:29 - Updated: 2024-11-21 03:42

Severity ?

6.5 (Medium) - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
security_alert@emc.com	http://www.securityfocus.com/bid/105972	Third Party Advisory, VDB Entry
security_alert@emc.com	http://www.securitytracker.com/id/1042153	Third Party Advisory, VDB Entry
security_alert@emc.com	https://seclists.org/fulldisclosure/2018/Nov/50	Mailing List, Third Party Advisory
security_alert@emc.com	https://www.vmware.com/security/advisories/VMSA-2018-0029.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/105972	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1042153	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://seclists.org/fulldisclosure/2018/Nov/50	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.vmware.com/security/advisories/VMSA-2018-0029.html	Patch, Third Party Advisory

Impacted products

Vendor	Product	Version
dell	emc_avamar	7.2.0
dell	emc_avamar	7.2.1
dell	emc_avamar	7.3.0
dell	emc_avamar	7.3.1
dell	emc_avamar	7.4.0
dell	emc_avamar	7.4.1
dell	emc_integrated_data_protection_appliance	2.0
vmware	vsphere_data_protection	6.0.0
vmware	vsphere_data_protection	6.0.1
vmware	vsphere_data_protection	6.0.2
vmware	vsphere_data_protection	6.0.3
vmware	vsphere_data_protection	6.0.4
vmware	vsphere_data_protection	6.0.5
vmware	vsphere_data_protection	6.0.6
vmware	vsphere_data_protection	6.0.7
vmware	vsphere_data_protection	6.0.8
vmware	vsphere_data_protection	6.1.0
vmware	vsphere_data_protection	6.1.1
vmware	vsphere_data_protection	6.1.2
vmware	vsphere_data_protection	6.1.3
vmware	vsphere_data_protection	6.1.4
vmware	vsphere_data_protection	6.1.5
vmware	vsphere_data_protection	6.1.6
vmware	vsphere_data_protection	6.1.7
vmware	vsphere_data_protection	6.1.8
vmware	vsphere_data_protection	6.1.9

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:dell:emc_avamar:7.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D9FD281-DB86-4D2D-BC19-CE2453709121",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dell:emc_avamar:7.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA20E0E8-6812-4416-93AA-E59B693FCFC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dell:emc_avamar:7.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "066595A8-C9EC-4ED3-AE76-A778F226B61E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dell:emc_avamar:7.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBA338A4-140B-4C5E-9D58-C17163EBE629",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dell:emc_avamar:7.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "490F94D4-CD84-418F-BCF3-A5FF2F98BEAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dell:emc_avamar:7.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "81FAAFDD-6A1B-44DE-92CB-B60D24397FED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C4D195D-C047-42E9-9885-0464642EC6EC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBA48F5F-3B72-427E-9C9A-E5C3EC03A5F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5AF32F55-AE25-4F52-B043-1C2623344F1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8FEBFF6-CEF2-4A8E-BA29-3F383D6DF436",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEC123DA-FBC3-4075-B4C0-A5295A6965A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D8E9053-F846-48A5-93D7-35D0665D4038",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "561D7F05-3074-44E8-A9C9-11CF1B8FFF49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF81991D-6B69-4849-86B3-3A35CCB4B4E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9DE2E06-EAF2-401B-A775-44EF23D17691",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "12DE5F53-7FEC-4EF0-9841-C8493AE25E0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D7E39A9-BE37-4848-BAD2-7F97D04F0D7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A908399-8C17-46B6-B554-77F588C2BF42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC8AFC55-915D-46AC-80DA-E100F4CFFD64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2B9A334-69EB-4E88-A446-18A1B0C669B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D94A218-4CA0-46EA-BA44-24E90037222D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC527586-5680-4626-95D4-28EF84439DDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1476A3A-9BD3-4DF5-8290-CC32AFFA122C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F946694-A52E-46C9-A4C7-663B5EE01138",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D006B093-4DEB-4911-995C-744B3189D46D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "664DCBF4-0C41-4B68-B983-4E16933BA269",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Avamar Java management console\u0027s SSL/TLS private key may be leaked in the Avamar Java management client package. The private key could potentially be used by an unauthenticated attacker on the same data-link layer to initiate a MITM attack on management console users."
    },
    {
      "lang": "es",
      "value": "Las versiones 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 y 7.4.1 de Dell EMC Avamar Server y la 2.0 de Dell EMC Integrated Data Protection Appliance (IDPA) se ven afectadas por una vulnerabilidad de exposici\u00f3n de informaci\u00f3n. La clave privada \"SSL/TLS\" de la consola de gesti\u00f3n de Avamar Java podr\u00eda divulgarse en el paquete del cliente de gesti\u00f3n del mismo. Esta clave privada podr\u00eda ser usada por un atacante no autenticado en la misma capa data-link para iniciar un ataque Man-in-the-Middle (MitM) contra los usuarios de la consola de gesti\u00f3n."
    }
  ],
  "id": "CVE-2018-11076",
  "lastModified": "2024-11-21T03:42:37.883",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 3.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.5,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-11-26T20:29:00.357",
  "references": [
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/105972"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1042153"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/fulldisclosure/2018/Nov/50"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/105972"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1042153"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/fulldisclosure/2018/Nov/50"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
    }
  ],
  "sourceIdentifier": "security_alert@emc.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2018-11076

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-11076

Aliases

CVE-2018-11076

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-11076",
    "description": "Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Avamar Java management console\u0027s SSL/TLS private key may be leaked in the Avamar Java management client package. The private key could potentially be used by an unauthenticated attacker on the same data-link layer to initiate a MITM attack on management console users.",
    "id": "GSD-2018-11076"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-11076"
      ],
      "details": "Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Avamar Java management console\u0027s SSL/TLS private key may be leaked in the Avamar Java management client package. The private key could potentially be used by an unauthenticated attacker on the same data-link layer to initiate a MITM attack on management console users.",
      "id": "GSD-2018-11076",
      "modified": "2023-12-13T01:22:41.834832Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security_alert@emc.com",
        "DATE_PUBLIC": "2018-11-20T05:00:00.000Z",
        "ID": "CVE-2018-11076",
        "STATE": "PUBLIC",
        "TITLE": "Dell EMC Avamar and Integrated Data Protection Appliance Information Exposure Vulnerability"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Avamar",
                    "version": {
                      "version_data": [
                        {
                          "affected": "=",
                          "version_value": "7.2.0"
                        },
                        {
                          "affected": "=",
                          "version_value": "7.2.1"
                        },
                        {
                          "affected": "=",
                          "version_value": "7.3.0"
                        },
                        {
                          "affected": "=",
                          "version_value": "7.3.1"
                        },
                        {
                          "affected": "=",
                          "version_value": "7.4.0"
                        },
                        {
                          "affected": "=",
                          "version_value": "7.4.1"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Integrated Data Protection Appliance ",
                    "version": {
                      "version_data": [
                        {
                          "affected": "=",
                          "version_value": "2.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Dell EMC"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Avamar Java management console\u0027s SSL/TLS private key may be leaked in the Avamar Java management client package. The private key could potentially be used by an unauthenticated attacker on the same data-link layer to initiate a MITM attack on management console users."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Remote Code Execution Vulnerability"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20181120 DSA-2018-154: Dell EMC Avamar and Integrated Data Protection Appliance Information Exposure Vulnerability",
            "refsource": "FULLDISC",
            "url": "https://seclists.org/fulldisclosure/2018/Nov/50"
          },
          {
            "name": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html",
            "refsource": "CONFIRM",
            "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
          },
          {
            "name": "105972",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/105972"
          },
          {
            "name": "1042153",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1042153"
          }
        ]
      },
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:emc_avamar:7.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:emc_avamar:7.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:emc_avamar:7.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:emc_avamar:7.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:emc_avamar:7.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:emc_avamar:7.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@dell.com",
          "ID": "CVE-2018-11076"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Avamar Java management console\u0027s SSL/TLS private key may be leaked in the Avamar Java management client package. The private key could potentially be used by an unauthenticated attacker on the same data-link layer to initiate a MITM attack on management console users."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20181120 DSA-2018-154: Dell EMC Avamar and Integrated Data Protection Appliance Information Exposure Vulnerability",
              "refsource": "FULLDISC",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://seclists.org/fulldisclosure/2018/Nov/50"
            },
            {
              "name": "1042153",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1042153"
            },
            {
              "name": "105972",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/105972"
            },
            {
              "name": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 3.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 6.5,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2020-08-24T17:37Z",
      "publishedDate": "2018-11-26T20:29Z"
    }
  }
}

CVE-2018-11076

Vulnerability from fstec - Published: 20.11.2018

Title

Уязвимость системы резервного копирования Dell EMC Avamar Server и системы комплексной защиты данных DELL EMC Integrated Data Protection, существующая из-за непринятия мер по нейтрализации специальных элементов, используемых в команде операционной системы, позволяющая нарушителю выполнить произвольные команды с привилегиями root

Description

Уязвимость системы резервного копирования Dell EMC Avamar Server и системы комплексной защиты данных DELL EMC Integrated Data Protection существует из-за непринятия мер по нейтрализации специальных элементов, используемых в команде операционной системы. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, выполнить произвольные команды с привилегиями root

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vendor

Dell Technologies

Software Name

EMC Avamar Server, EMC Integrated Data Protection Appliance

Software Version

7.2.0 (EMC Avamar Server), 7.2.1 (EMC Avamar Server), 7.3.0 (EMC Avamar Server), 7.3.1 (EMC Avamar Server), 7.4.0 (EMC Avamar Server), 7.4.1 (EMC Avamar Server), 7.5.0 (EMC Avamar Server), 7.5.1 (EMC Avamar Server), 18.1 (EMC Avamar Server), 2.0 (EMC Integrated Data Protection Appliance), 2.1 (EMC Integrated Data Protection Appliance), 2.2 (EMC Integrated Data Protection Appliance)

Possible Mitigations

Использование рекомендаций: https://support.emc.com/kb/468307

Reference

https://www.securityfocus.com/bid/105972/info https://www.vmware.com/security/advisories/VMSA-2018-0029.html https://vuldb.com/?id.127092 https://support.emc.com/kb/468307

CWE

CWE-78

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Dell Technologies",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "7.2.0 (EMC Avamar Server), 7.2.1 (EMC Avamar Server), 7.3.0 (EMC Avamar Server), 7.3.1 (EMC Avamar Server), 7.4.0 (EMC Avamar Server), 7.4.1 (EMC Avamar Server), 7.5.0 (EMC Avamar Server), 7.5.1 (EMC Avamar Server), 18.1 (EMC Avamar Server), 2.0 (EMC Integrated Data Protection Appliance), 2.1 (EMC Integrated Data Protection Appliance), 2.2 (EMC Integrated Data Protection Appliance)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://support.emc.com/kb/468307",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "20.11.2018",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "23.03.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "04.07.2019",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2019-02391",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2018-11076",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "EMC Avamar Server, EMC Integrated Data Protection Appliance",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0440\u0435\u0437\u0435\u0440\u0432\u043d\u043e\u0433\u043e \u043a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f Dell EMC Avamar Server \u0438 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u043a\u043e\u043c\u043f\u043b\u0435\u043a\u0441\u043d\u043e\u0439 \u0437\u0430\u0449\u0438\u0442\u044b \u0434\u0430\u043d\u043d\u044b\u0445 DELL EMC Integrated Data Protection, \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u044e\u0449\u0430\u044f \u0438\u0437-\u0437\u0430 \u043d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u044f \u043c\u0435\u0440 \u043f\u043e \u043d\u0435\u0439\u0442\u0440\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u044d\u043b\u0435\u043c\u0435\u043d\u0442\u043e\u0432, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 \u0432 \u043a\u043e\u043c\u0430\u043d\u0434\u0435 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u044b \u0441 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438 root",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435 \u043c\u0435\u0440 \u043f\u043e \u043d\u0435\u0439\u0442\u0440\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u044d\u043b\u0435\u043c\u0435\u043d\u0442\u043e\u0432, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 \u0432 \u043a\u043e\u043c\u0430\u043d\u0434\u0435 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b (\u0412\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435 \u0432 \u043a\u043e\u043c\u0430\u043d\u0434\u0443 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b) (CWE-78)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0440\u0435\u0437\u0435\u0440\u0432\u043d\u043e\u0433\u043e \u043a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f Dell EMC Avamar Server \u0438 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u043a\u043e\u043c\u043f\u043b\u0435\u043a\u0441\u043d\u043e\u0439 \u0437\u0430\u0449\u0438\u0442\u044b \u0434\u0430\u043d\u043d\u044b\u0445 DELL EMC Integrated Data Protection \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0438\u0437-\u0437\u0430 \u043d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u044f \u043c\u0435\u0440 \u043f\u043e \u043d\u0435\u0439\u0442\u0440\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u044d\u043b\u0435\u043c\u0435\u043d\u0442\u043e\u0432, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 \u0432 \u043a\u043e\u043c\u0430\u043d\u0434\u0435 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u044b \u0441 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438 root",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "-",
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u043d\u044a\u0435\u043a\u0446\u0438\u044f",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.securityfocus.com/bid/105972/info\nhttps://www.vmware.com/security/advisories/VMSA-2018-0029.html\nhttps://vuldb.com/?id.127092\nhttps://support.emc.com/kb/468307",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-78",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,3)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,8)"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-11076 (GCVE-0-2018-11076)

GHSA-R38W-PM6X-HP8R

CNVD-2018-23620

CERTFR-2018-AVI-565

Solution

FKIE_CVE-2018-11076

GSD-2018-11076

CVE-2018-11076

Tags

Sightings

Nomenclature