Details of VAR-202101-0517

ID

VAR-202101-0517

CVE

CVE-2020-29494

TITLE

DELL EMC Avamar Server Traversal Vulnerability in Japan

Trust: 0.8

sources: JVNDB: JVNDB-2020-015495

DESCRIPTION

Dell EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a Path Traversal Vulnerability in PDM. A remote user could potentially exploit this vulnerability, to gain unauthorized write access to the arbitrary files stored on the server filesystem, causing deletion of arbitrary files. DELL Dell EMC Avamar Server is a set of fully virtualized backup and recovery software for servers from Dell (DELL)

Trust: 1.71

sources: NVD: CVE-2020-29494 // JVNDB: JVNDB-2020-015495 // VULHUB: VHN-376198

AFFECTED PRODUCTS

vendor:	dell	model:	emc avamar server	scope:	eq	version:	19.3	Trust: 1.0
vendor:	dell	model:	emc avamar server	scope:	eq	version:	19.1	Trust: 1.0
vendor:	dell	model:	emc avamar server	scope:	eq	version:	19.2	Trust: 1.0
vendor:	dell	model:	emc integrated data protection appliance	scope:	eq	version:	2.6	Trust: 1.0
vendor:	dell	model:	emc integrated data protection appliance	scope:	eq	version:	2.5	Trust: 1.0
vendor:	デル	model:	dell emc avamar server	scope:	-	version:	-	Trust: 0.8
vendor:	デル	model:	dell emc integrated data protection appliance	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-015495 // NVD: CVE-2020-29494

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-29494
value:	HIGH
Trust: 1.0
security_alert@emc.com:	CVE-2020-29494
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-29494
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202101-1152
value:	HIGH
Trust: 0.6
VULHUB:	VHN-376198
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-29494
severity:	MEDIUM
baseScore:	5.5
vectorString:	AV:N/AC:L/AU:S/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-376198
severity:	MEDIUM
baseScore:	5.5
vectorString:	AV:N/AC:L/AU:S/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-29494
baseSeverity:	HIGH
baseScore:	8.7
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.3
impactScore:	5.8
version:	3.1
Trust: 2.0
OTHER:	JVNDB-2020-015495
baseSeverity:	HIGH
baseScore:	8.7
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-376198 // JVNDB: JVNDB-2020-015495 // CNNVD: CNNVD-202101-1152 // NVD: CVE-2020-29494 // NVD: CVE-2020-29494

PROBLEMTYPE DATA

problemtype:	CWE-22	Trust: 1.1
problemtype:	Path traversal (CWE-22) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-376198 // JVNDB: JVNDB-2020-015495 // NVD: CVE-2020-29494

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202101-1152

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202101-1152

PATCH

title:	DSA-2020-272 Dell EMC Avamar Server Security Update for Multiple Vulnerabilities	url:	https://www.dell.com/support/kbdoc/ja-jp/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities	Trust: 0.8
title:	DELL Dell EMC Avamar Server Repair measures for path traversal vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139247	Trust: 0.6

sources: JVNDB: JVNDB-2020-015495 // CNNVD: CNNVD-202101-1152

EXTERNAL IDS

db:	NVD	id:	CVE-2020-29494	Trust: 2.5
db:	JVNDB	id:	JVNDB-2020-015495	Trust: 0.8
db:	CNNVD	id:	CNNVD-202101-1152	Trust: 0.7
db:	VULHUB	id:	VHN-376198	Trust: 0.1

sources: VULHUB: VHN-376198 // JVNDB: JVNDB-2020-015495 // CNNVD: CNNVD-202101-1152 // NVD: CVE-2020-29494

REFERENCES

url:	https://www.dell.com/support/kbdoc/en-us/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-29494	Trust: 1.4
url:	https://vigilance.fr/vulnerability/dell-emc-avamar-server-three-vulnerabilities-34355	Trust: 0.6

sources: VULHUB: VHN-376198 // JVNDB: JVNDB-2020-015495 // CNNVD: CNNVD-202101-1152 // NVD: CVE-2020-29494

SOURCES

db:	VULHUB	id:	VHN-376198
db:	JVNDB	id:	JVNDB-2020-015495
db:	CNNVD	id:	CNNVD-202101-1152
db:	NVD	id:	CVE-2020-29494

LAST UPDATE DATE

2024-11-23T22:25:12.966000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-376198	date:	2021-01-21T00:00:00
db:	JVNDB	id:	JVNDB-2020-015495	date:	2021-09-29T08:18:00
db:	CNNVD	id:	CNNVD-202101-1152	date:	2021-01-22T00:00:00
db:	NVD	id:	CVE-2020-29494	date:	2024-11-21T05:24:06.663

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-376198	date:	2021-01-14T00:00:00
db:	JVNDB	id:	JVNDB-2020-015495	date:	2021-09-29T00:00:00
db:	CNNVD	id:	CNNVD-202101-1152	date:	2021-01-14T00:00:00
db:	NVD	id:	CVE-2020-29494	date:	2021-01-14T21:15:13.507