Arbitrary file upload in Emc Avamar_server

CVE-2017-4990

In EMC Avamar Server Software 7.4.1-58, 7.4.0-242, 7.3.1-125, 7.3.0-233, 7.3.0-226, an unauthorized attacker may leverage the file upload feature of the system maintenance page to load a maliciously crafted file to any directory which coul…

Vulnerability class: Unrestricted File Upload

EPSS: 0.030 (85.8th percentile)

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

  • Emc Avamar_server — versions 7.3.0-226, 7.3.0-233, 7.3.1-125
  • EMC Avamar Server Software (vendor: n/a) — versions 7.4.1-58, 7.4.0-242, 7.3.1-125, 7.3.0-233, 7.3.0-226

Frequently asked questions

What is CVE-2017-4990?
CVE-2017-4990 is a critical-severity vulnerability in Emc Avamar_server, classified under Unrestricted Upload of File with Dangerous Type. CVSS score: 9.8/10. Published 2017-06-21.
How severe is CVE-2017-4990?
Critical severity. CVSS v3 base score is 9.8 out of 10.