Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2018-1217
PUBLISHED
More InfoOfficial Page
Assigner-dell
Assigner Org ID-c550e75a-17ff-4988-97f0-544cde3820fe
View Known Exploited Vulnerability (KEV) details
Published At-09 Apr, 2018 | 20:00
Updated At-16 Sep, 2024 | 19:47
Rejected At-
▼CVE Numbering Authority (CNA)

Avamar Installation Manager in Dell EMC Avamar Server 7.3.1, 7.4.1, and 7.5.0, and Dell EMC Integrated Data Protection Appliance 2.0 and 2.1, is affected by a missing access control check vulnerability which could potentially allow a remote unauthenticated attacker to read or change the Local Download Service (LDLS) credentials. The LDLS credentials are used to connect to Dell EMC Online Support. If the LDLS configuration was changed to an invalid configuration, then Avamar Installation Manager may not be able to connect to Dell EMC Online Support web site successfully. The remote unauthenticated attacker can also read and use the credentials to login to Dell EMC Online Support, impersonating the AVI service actions using those credentials.

Affected Products
Vendor
Dell Inc.Dell EMC
Product
Avamar, Integrated Data Protection Appliance
Versions
Affected
  • Avamar Server versions 7.3.1, 7.4.1, 7.5.0
  • Integrated Data Protection Appliance Versions 2.0, 2.1
Problem Types
TypeCWE IDDescription
textN/AMissing Access Control Vulnerability
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.exploit-db.com/exploits/44441/
exploit
x_refsource_EXPLOIT-DB
http://www.securitytracker.com/id/1040641
vdb-entry
x_refsource_SECTRACK
http://seclists.org/fulldisclosure/2018/Apr/14
mailing-list
x_refsource_FULLDISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.exploit-db.com/exploits/44441/
exploit
x_refsource_EXPLOIT-DB
x_transferred
http://www.securitytracker.com/id/1040641
vdb-entry
x_refsource_SECTRACK
x_transferred
http://seclists.org/fulldisclosure/2018/Apr/14
mailing-list
x_refsource_FULLDISC
x_transferred
Details not found