{"containers": {"cna": {"affected": [{"product": "Avamar", "vendor": "Dell EMC", "versions": [{"status": "affected", "version": "7.2.0"}, {"status": "affected", "version": "7.2.1"}, {"status": "affected", "version": "7.3.0"}, {"status": "affected", "version": "7.3.1"}, {"status": "affected", "version": "7.4.0"}, {"status": "affected", "version": "7.4.1"}, {"status": "affected", "version": "7.5.0"}, {"status": "affected", "version": "7.5.1"}, {"status": "affected", "version": "18.1"}]}, {"product": "Integrated Data Protection Appliance ", "vendor": "Dell EMC", "versions": [{"status": "affected", "version": "2.0"}, {"status": "affected", "version": "2.1"}, {"status": "affected", "version": "2.2"}]}], "datePublic": "2018-11-20T00:00:00", "descriptions": [{"lang": "en", "value": "Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain a Remote Code Execution vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary commands on the server."}], "problemTypes": [{"descriptions": [{"description": "Remote Code Execution Vulnerability", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-11-27T16:57:01", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell"}, "references": [{"name": "105968", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/105968"}, {"name": "20181120 DSA-2018-145: Dell EMC Avamar Multiple Vulnerabilities", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "https://seclists.org/fulldisclosure/2018/Nov/49"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"}, {"name": "1042153", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1042153"}], "source": {"discovery": "UNKNOWN"}, "title": "Dell EMC Avamar and Integrated Data Protection Appliance Remote Code Execution Vulnerability", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security_alert@emc.com", "DATE_PUBLIC": "2018-11-20T05:00:00.000Z", "ID": "CVE-2018-11066", "STATE": "PUBLIC", "TITLE": "Dell EMC Avamar and Integrated Data Protection Appliance Remote Code Execution Vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Avamar", "version": {"version_data": [{"affected": "=", "version_affected": "=", "version_value": "7.2.0"}, {"affected": "=", "version_affected": "=", "version_value": "7.2.1"}, {"affected": "=", "version_affected": "=", "version_value": "7.3.0"}, {"affected": "=", "version_affected": "=", "version_value": "7.3.1"}, {"affected": "=", "version_affected": "=", "version_value": "7.4.0"}, {"affected": "=", "version_affected": "=", "version_value": "7.4.1"}, {"version_value": "7.5.0"}, {"version_value": "7.5.1"}, {"version_value": "18.1"}]}}, {"product_name": "Integrated Data Protection Appliance ", "version": {"version_data": [{"affected": "=", "version_affected": "=", "version_value": "2.0"}, {"affected": "=", "version_affected": "=", "version_value": "2.1"}, {"affected": "=", "version_affected": "=", "version_value": "2.2"}]}}]}, "vendor_name": "Dell EMC"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain a Remote Code Execution vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary commands on the server."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Remote Code Execution Vulnerability"}]}]}, "references": {"reference_data": [{"name": "105968", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105968"}, {"name": "20181120 DSA-2018-145: Dell EMC Avamar Multiple Vulnerabilities", "refsource": "FULLDISC", "url": "https://seclists.org/fulldisclosure/2018/Nov/49"}, {"name": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html", "refsource": "CONFIRM", "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"}, {"name": "1042153", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1042153"}]}, "source": {"discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2018-11066", "datePublished": "2018-11-20T00:00:00", "dateReserved": "2018-05-14T00:00:00", "dateUpdated": "2018-11-27T16:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dell:emc_avamar:7.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "4D9FD281-DB86-4D2D-BC19-CE2453709121", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:emc_avamar:7.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "AA20E0E8-6812-4416-93AA-E59B693FCFC6", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:emc_avamar:7.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "066595A8-C9EC-4ED3-AE76-A778F226B61E", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:emc_avamar:7.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "DBA338A4-140B-4C5E-9D58-C17163EBE629", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:emc_avamar:7.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "490F94D4-CD84-418F-BCF3-A5FF2F98BEAA", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:emc_avamar:7.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "81FAAFDD-6A1B-44DE-92CB-B60D24397FED", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:emc_avamar:7.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "8EA6C66A-CD8D-4829-891D-64FF533F3780", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:emc_avamar:7.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "3B634FEE-123C-413B-8D06-7D9E4AE0995B", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:emc_avamar:18.1:*:*:*:*:*:*:*", "matchCriteriaId": "9022A46B-7D49-492A-8DC4-CBA9C2001497", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "8C4D195D-C047-42E9-9885-0464642EC6EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "76D6282D-ABA7-4972-8E13-2A625F13CF53", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:emc_integrated_data_protection_appliance:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "06E2AD30-A9F5-453C-BC38-2A35DD39FA85", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "FBA48F5F-3B72-427E-9C9A-E5C3EC03A5F8", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "5AF32F55-AE25-4F52-B043-1C2623344F1A", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B8FEBFF6-CEF2-4A8E-BA29-3F383D6DF436", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "BEC123DA-FBC3-4075-B4C0-A5295A6965A1", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "4D8E9053-F846-48A5-93D7-35D0665D4038", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "561D7F05-3074-44E8-A9C9-11CF1B8FFF49", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "BF81991D-6B69-4849-86B3-3A35CCB4B4E5", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "F9DE2E06-EAF2-401B-A775-44EF23D17691", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "12DE5F53-7FEC-4EF0-9841-C8493AE25E0B", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "0D7E39A9-BE37-4848-BAD2-7F97D04F0D7C", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7A908399-8C17-46B6-B554-77F588C2BF42", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "FC8AFC55-915D-46AC-80DA-E100F4CFFD64", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "E2B9A334-69EB-4E88-A446-18A1B0C669B2", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "0D94A218-4CA0-46EA-BA44-24E90037222D", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "AC527586-5680-4626-95D4-28EF84439DDA", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "F1476A3A-9BD3-4DF5-8290-CC32AFFA122C", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "0F946694-A52E-46C9-A4C7-663B5EE01138", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "D006B093-4DEB-4911-995C-744B3189D46D", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vsphere_data_protection:6.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "664DCBF4-0C41-4B68-B983-4E16933BA269", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain a Remote Code Execution vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary commands on the server."}, {"lang": "es", "value": "Dell EMC Avamar Client Manager, en las versiones 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 y 18.1 de Dell EMC Avamar Server y las 2.0, 2.1 y 2.2 de Dell EMC Integrated Data Protection Appliance (IDPA) tienen una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo. Un atacante remoto no autenticado podr\u00eda explotar esta vulnerabilidad para ejecutar comandos arbitrarios en el servidor."}], "id": "CVE-2018-11066", "lastModified": "2019-10-03T00:03:26.223", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-11-26T20:29:00.247", "references": [{"source": "security_alert@emc.com", "tags": ["VDB Entry", "Third Party Advisory"], "url": "http://www.securityfocus.com/bid/105968"}, {"source": "security_alert@emc.com", "tags": ["VDB Entry", "Third Party Advisory"], "url": "http://www.securitytracker.com/id/1042153"}, {"source": "security_alert@emc.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/fulldisclosure/2018/Nov/49"}, {"source": "security_alert@emc.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}