CVE-2017-4989

critical

Description

In EMC Avamar Server Software 7.3.1-125, 7.3.0-233, 7.3.0-226, 7.2.1-32, 7.2.1-31, 7.2.0-401, an unauthenticated remote attacker may potentially bypass the authentication process to gain access to the system maintenance page. This may be exploited by an attacker to view sensitive information, perform software updates, or run maintenance workflows.

References

http://www.securitytracker.com/id/1038718

http://www.securityfocus.com/bid/99243

http://www.securityfocus.com/archive/1/540754/30/0/threaded

Details

Source: Mitre, NVD

Published: 2017-06-21

Updated: 2017-07-07

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical