Sign-up

ID

VAR-201910-0269


CVE

CVE-2019-3765


TITLE

Dell EMC Avamar Server and EMC Integrated Data Protection Appliance Vulnerable to improper permission assignment to critical resources

Trust: 0.8

sources: JVNDB: JVNDB-2019-010931

DESCRIPTION

Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4 contain an Incorrect Permission Assignment for Critical Resource vulnerability. A remote authenticated malicious user potentially could exploit this vulnerability to view or modify sensitive backup data. This could be used to make backups corrupt or potentially to trick a user into restoring a backup with malicious files in place. Dell EMC Avamar Server is a suite of fully virtualized backup and recovery software for servers

Trust: 1.71

sources: NVD: CVE-2019-3765 // JVNDB: JVNDB-2019-010931 // VULHUB: VHN-155200

AFFECTED PRODUCTS

vendor:dellmodel:emc avamar serverscope:eqversion:7.4.1

Trust: 1.6

vendor:dellmodel:emc avamar serverscope:eqversion:18.2

Trust: 1.6

vendor:dellmodel:emc avamar serverscope:eqversion:7.5.1

Trust: 1.6

vendor:dellmodel:emc avamar serverscope:eqversion:19.1

Trust: 1.6

vendor:dellmodel:emc avamar serverscope:eqversion:7.5.0

Trust: 1.6

vendor:dellmodel:emc integrated data protection appliancescope:eqversion:2.0

Trust: 1.4

vendor:dellmodel:emc integrated data protection appliancescope:eqversion:2.1

Trust: 1.4

vendor:dellmodel:emc integrated data protection appliancescope:eqversion:2.2

Trust: 1.4

vendor:dellmodel:emc integrated data protection appliancescope:eqversion:2.3

Trust: 1.4

vendor:dellmodel:emc integrated data protection appliancescope:eqversion:2.4

Trust: 1.4

vendor:dellmodel:emc integrated data protection appliancescope:gteversion:2.0

Trust: 1.0

vendor:dellmodel:emc integrated data protection appliancescope:lteversion:2.4

Trust: 1.0

vendor:dellmodel:emc avamarscope:eqversion:server 18.2

Trust: 0.8

vendor:dellmodel:emc avamarscope:eqversion:server 19.1

Trust: 0.8

vendor:dellmodel:emc avamarscope:eqversion:server 7.4.1

Trust: 0.8

vendor:dellmodel:emc avamarscope:eqversion:server 7.5.0

Trust: 0.8

vendor:dellmodel:emc avamarscope:eqversion:server 7.5.1

Trust: 0.8

sources: JVNDB: JVNDB-2019-010931 // CNNVD: CNNVD-201910-201 // NVD: CVE-2019-3765

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-3765
value: HIGH

Trust: 1.0

security_alert@emc.com: CVE-2019-3765
value: HIGH

Trust: 1.0

NVD: CVE-2019-3765
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201910-201
value: HIGH

Trust: 0.6

VULHUB: VHN-155200
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-3765
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-155200
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-3765
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 5.2
version: 3.1

Trust: 1.0

security_alert@emc.com: CVE-2019-3765
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 1.7
impactScore: 5.8
version: 3.0

Trust: 1.0

NVD: CVE-2019-3765
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-155200 // JVNDB: JVNDB-2019-010931 // CNNVD: CNNVD-201910-201 // NVD: CVE-2019-3765 // NVD: CVE-2019-3765

PROBLEMTYPE DATA

problemtype:CWE-732

Trust: 1.9

sources: VULHUB: VHN-155200 // JVNDB: JVNDB-2019-010931 // NVD: CVE-2019-3765

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201910-201

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201910-201

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-010931

PATCH
title:DSA-2019-138: Dell EMC Avamar Incorrect Permission Assignment for Critical Resource Vulnerabilityurl:https://www.dell.com/support/security/ja-jp/details/537649/DSA-2019-138-Dell-EMC-Avamar-Incorrect-Permission-Assignment-for-Critical-Resource-Vulnerability
Trust: 0.8
title:Dell EMC Avamar Server Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98930
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-010931 // 
            
            
            
            CNNVD: CNNVD-201910-201

EXTERNAL IDS
db:NVDid:CVE-2019-3765
Trust: 2.5
db:JVNDBid:JVNDB-2019-010931
Trust: 0.8
db:CNNVDid:CNNVD-201910-201
Trust: 0.7
db:CNVDid:CNVD-2020-15717
Trust: 0.1
db:VULHUBid:VHN-155200
Trust: 0.1
sources:
            
            
            VULHUB: VHN-155200 // 
            
            
            
            JVNDB: JVNDB-2019-010931 // 
            
            
            
            CNNVD: CNNVD-201910-201 // 
            
            
            
            NVD: CVE-2019-3765

REFERENCES
url:https://www.dell.com/support/security/en-us/details/537649/dsa-2019-138-dell-emc-avamar-incorrect-permission-assignment-for-critical-resource-vulnerability
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-3765
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3765
Trust: 0.8
url:https://vigilance.fr/vulnerability/dell-emc-avamar-server-read-write-access-via-incorrect-permission-30531
Trust: 0.6
sources:
            
            
            VULHUB: VHN-155200 // 
            
            
            
            JVNDB: JVNDB-2019-010931 // 
            
            
            
            CNNVD: CNNVD-201910-201 // 
            
            
            
            NVD: CVE-2019-3765

SOURCES
db:VULHUBid:VHN-155200
db:JVNDBid:JVNDB-2019-010931
db:CNNVDid:CNNVD-201910-201
db:NVDid:CVE-2019-3765

LAST UPDATE DATE
2024-11-23T22:16:49.063000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-155200date:2019-10-17T00:00:00
db:JVNDBid:JVNDB-2019-010931date:2019-10-24T00:00:00
db:CNNVDid:CNNVD-201910-201date:2019-10-21T00:00:00
db:NVDid:CVE-2019-3765date:2024-11-21T04:42:29.283

SOURCES RELEASE DATE
db:VULHUBid:VHN-155200date:2019-10-09T00:00:00
db:JVNDBid:JVNDB-2019-010931date:2019-10-24T00:00:00
db:CNNVDid:CNNVD-201910-201date:2019-10-04T00:00:00
db:NVDid:CVE-2019-3765date:2019-10-09T20:15:27.800