CERT-In Vulnerability Note
Information Exposure Vulnerability in Dell EMC Avamar and Integrated Data Protection Appliance
Original Issue Date: November 28, 2018
Severity Rating: HIGH
- Dell EMC Avamar Server 7.2.0 and 7.2.1
- Dell EMC Avamar Server 7.3.0 and 7.3.1
- Dell EMC Avamar Server 7.4.0 and 7.4.1
- Dell EMC Integrated Data Protection Appliance (IDPA) 2.0
An information exposure vulnerability has been reported in Dell EMC Avamar and Integrated Data Protection Appliance, which could allow a remote attacker to compromise the affected systems.
This vulnerability exists in Dell EMC Avamar and Integrated Data Protection Appliance because the Avamar Java management console's SSL/TLS private key is leaked in the Avamar Java management client package. A remote attacker on the same data-link layer could exploit this vulnerability by using the private key to initiate man-in-the-middle attacks on management console users.
Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code leading to compromise of the target system.
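The condition described above, a private key shipped inside a client package, can be caught by a release-audit check. The following is an added example, not part of the CERT-In note or Dell EMC's code; it scans a zip/jar package (including nested jars) for private key material, and the sample package, file names and function names are constructed for illustration.

```python
import io
import re
import zipfile

# PEM headers that mark private key material (PKCS#1, PKCS#8, EC, DSA, encrypted PKCS#8).
PEM_PRIVATE = re.compile(rb"-----BEGIN (?:RSA |EC |DSA |ENCRYPTED )?PRIVATE KEY-----")
# Magic numbers of Java keystore formats; a keystore may hold only certificates,
# so a hit means "review the entries", not "key confirmed".
KEYSTORE_MAGIC = {b"\xfe\xed\xfe\xed": "JKS keystore", b"\xce\xce\xce\xce": "JCEKS keystore"}
KEYSTORE_EXT = (".p12", ".pfx", ".jks", ".keystore")
ARCHIVE_EXT = (".jar", ".zip", ".war")

def scan_archive(data, prefix="", depth=0, max_depth=4):
    """Return sorted (path, finding) pairs for key material inside a zip/jar blob."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            path, blob, lower = prefix + info.filename, zf.read(info), info.filename.lower()
            nested = lower.endswith(ARCHIVE_EXT) and zipfile.is_zipfile(io.BytesIO(blob))
            if nested and depth < max_depth:
                # Recurse into nested archives, with a bound on nesting depth.
                findings += scan_archive(blob, path + "!/", depth + 1, max_depth)
            elif PEM_PRIVATE.search(blob):
                findings.append((path, "PEM private key"))
            elif blob[:4] in KEYSTORE_MAGIC:
                findings.append((path, KEYSTORE_MAGIC[blob[:4]] + " (review entries)"))
            elif lower.endswith(KEYSTORE_EXT):
                findings.append((path, "keystore by extension (review entries)"))
    return sorted(findings)

def build_sample_package():
    """Constructed sample: a client package whose nested jar holds key material."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("conf/console.pem",
                    "-----BEGIN PRIVATE KEY-----\nCONSTRUCTED\n-----END PRIVATE KEY-----\n")
        zf.writestr("conf/store.bin", b"\xfe\xed\xfe\xed\x00\x00\x00\x02")
        zf.writestr("README.txt", "no secrets here")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("lib/console.jar", inner.getvalue())
        zf.writestr("certs/ca.pem",
                    "-----BEGIN CERTIFICATE-----\nCONSTRUCTED\n-----END CERTIFICATE-----\n")
    return outer.getvalue()

if __name__ == "__main__":
    for path, finding in scan_archive(build_sample_package()):
        print(f"{path}: {finding}")
```

PKCS#12 files have no fixed magic number, so they are flagged by extension only; a renamed keystore of that type needs a content-aware parser to detect.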
Apply appropriate updates as mentioned in the link below:
The information provided herein is on "as is" basis, without warranty of any kind.
Email: firstname.lastname@example.org Phone: +91-11-24368572
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
6, CGO Complex, Lodhi Road,
New Delhi - 110 003