CyberSec.Space Logo
CVEブラウザに戻る

CVE-2020-29495

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1090%
EPSS Percentile39.67th
Published2021年1月14日
Last Modified2024年11月21日

Vulnerability Description

DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain an OS Command Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS with high privileges. This vulnerability is considered critical as it can be leveraged to completely compromise the vulnerable application as well as the underlying operating system. Dell recommends customers to upgrade at the earliest opportunity.

Affected Platforms (CPE)

📦
Dell

Emc Avamar Server

= 19.1
📦
Dell

Emc Avamar Server

= 19.2
📦
Dell

Emc Avamar Server

= 19.3
📦
Dell

Emc Integrated Data Protection Appliance

= 2.5
📦
Dell

Emc Integrated Data Protection Appliance

= 2.6

References & Advisories

🔗 https://www.dell.com/support/kbdoc/en-us/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities
🔗 https://www.dell.com/support/kbdoc/en-us/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities

関連する脆弱性情報

CVE-2020-2949310.0

DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a SQL Injection Vulnerability in Fitness Analyzer. A remote unauthentic...

CVE-2017-49899.8

In EMC Avamar Server Software 7.3.1-125, 7.3.0-233, 7.3.0-226, 7.2.1-32, 7.2.1-31, 7.2.0-401, an unauthenticated remote attacker m...

CVE-2020-53419.8

Deserialization of Untrusted Data Vulnerability Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2, 19.1 and 19.2 and Dell ...

CVE-2017-49909.8

In EMC Avamar Server Software 7.4.1-58, 7.4.0-242, 7.3.1-125, 7.3.0-233, 7.3.0-226, an unauthorized attacker may leverage the file...