CVE-2018-11077

MEDIUM Year: 2018
CVSS v3 Score
6.7
Medium
CVSS v2 Score
7.2
High
Weakness Type
CWE-78
View all →

Vulnerability Description

'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially be able to execute arbitrary commands under root privilege.

Related Vulnerabilities

CVE-2016-1320

MEDIUM
CVSS:6.7(Medium)

The CLI in Cisco Prime Collaboration 9.0 and 11.0 allows local users to execute arbitrary OS commands as root by leveraging administrator privileges, aka Bug ID CSCux69286.

CWE-782016

CVE-2017-6796

MEDIUM
CVSS:6.7(Medium)

A vulnerability in the USB-modem code of Cisco IOS XE Software running on Cisco ASR 920 Series Aggregation Services Routers could allow an authenticated, local attacker to inject and execute arbitrary...

CWE-782017

CVE-2018-0115

MEDIUM
CVSS:6.7(Medium)

A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series routers could allow an authenticated, local attacker to execute arbitrary commands with root privileges on an ...

CWE-782018

CVE-2018-0221

MEDIUM
CVSS:6.7(Medium)

A vulnerability in specific CLI commands for the Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to perform command injection to the underlying operating system or ca...

CWE-782018

CVE-2018-11805

MEDIUM
CVSS:6.7(Medium)

In Apache SpamAssassin before 3.4.3, nefarious CF files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition...

CWE-782018

CVE-2018-1184

MEDIUM
CVSS:6.7(Medium)

An issue was discovered in EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, and EMC RecoverPoint versions prior to 5.0.1.3. Command injection vulnerabil...

CWE-782018