Details of VAR-202101-0518

ID

VAR-202101-0518

CVE

CVE-2020-29495

TITLE

DELL EMC Avamar Server In OS Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-015496

DESCRIPTION

DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain an OS Command Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS with high privileges. This vulnerability is considered critical as it can be leveraged to completely compromise the vulnerable application as well as the underlying operating system. Dell recommends customers to upgrade at the earliest opportunity. DELL Dell EMC Avamar Server is a set of fully virtualized backup and recovery software for servers from Dell (DELL)

Trust: 1.71

sources: NVD: CVE-2020-29495 // JVNDB: JVNDB-2020-015496 // VULHUB: VHN-376199

AFFECTED PRODUCTS

vendor:	dell	model:	emc avamar server	scope:	eq	version:	19.3	Trust: 1.0
vendor:	dell	model:	emc avamar server	scope:	eq	version:	19.1	Trust: 1.0
vendor:	dell	model:	emc avamar server	scope:	eq	version:	19.2	Trust: 1.0
vendor:	dell	model:	emc integrated data protection appliance	scope:	eq	version:	2.6	Trust: 1.0
vendor:	dell	model:	emc integrated data protection appliance	scope:	eq	version:	2.5	Trust: 1.0
vendor:	デル	model:	dell emc avamar server	scope:	-	version:	-	Trust: 0.8
vendor:	デル	model:	dell emc integrated data protection appliance	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-015496 // NVD: CVE-2020-29495

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-29495
value:	CRITICAL
Trust: 1.0
security_alert@emc.com:	CVE-2020-29495
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2020-29495
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-202101-1151
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-376199
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2020-29495
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-376199
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-29495
baseSeverity:	CRITICAL
baseScore:	10.0
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	6.0
version:	3.1
Trust: 2.0
OTHER:	JVNDB-2020-015496
baseSeverity:	CRITICAL
baseScore:	10.0
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-376199 // JVNDB: JVNDB-2020-015496 // CNNVD: CNNVD-202101-1151 // NVD: CVE-2020-29495 // NVD: CVE-2020-29495

PROBLEMTYPE DATA

problemtype:	CWE-78	Trust: 1.1
problemtype:	CWE-22	Trust: 1.0
problemtype:	OS Command injection (CWE-78) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-376199 // JVNDB: JVNDB-2020-015496 // NVD: CVE-2020-29495

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202101-1151

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-202101-1151

PATCH

title:	DSA-2020-272 Dell EMC Avamar Server Security Update for Multiple Vulnerabilities	url:	https://www.dell.com/support/kbdoc/ja-jp/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities	Trust: 0.8
title:	DELL Dell EMC Avamar Server Repair measures for path traversal vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139246	Trust: 0.6

sources: JVNDB: JVNDB-2020-015496 // CNNVD: CNNVD-202101-1151

EXTERNAL IDS

db:	NVD	id:	CVE-2020-29495	Trust: 2.5
db:	JVNDB	id:	JVNDB-2020-015496	Trust: 0.8
db:	CNNVD	id:	CNNVD-202101-1151	Trust: 0.7
db:	VULHUB	id:	VHN-376199	Trust: 0.1

sources: VULHUB: VHN-376199 // JVNDB: JVNDB-2020-015496 // CNNVD: CNNVD-202101-1151 // NVD: CVE-2020-29495

REFERENCES

url:	https://www.dell.com/support/kbdoc/en-us/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-29495	Trust: 1.4
url:	https://vigilance.fr/vulnerability/dell-emc-avamar-server-three-vulnerabilities-34355	Trust: 0.6

sources: VULHUB: VHN-376199 // JVNDB: JVNDB-2020-015496 // CNNVD: CNNVD-202101-1151 // NVD: CVE-2020-29495

SOURCES

db:	VULHUB	id:	VHN-376199
db:	JVNDB	id:	JVNDB-2020-015496
db:	CNNVD	id:	CNNVD-202101-1151
db:	NVD	id:	CVE-2020-29495

LAST UPDATE DATE

2024-11-23T23:04:07.620000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-376199	date:	2021-01-21T00:00:00
db:	JVNDB	id:	JVNDB-2020-015496	date:	2021-09-29T08:18:00
db:	CNNVD	id:	CNNVD-202101-1151	date:	2021-01-22T00:00:00
db:	NVD	id:	CVE-2020-29495	date:	2024-11-21T05:24:06.830

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-376199	date:	2021-01-14T00:00:00
db:	JVNDB	id:	JVNDB-2020-015496	date:	2021-09-29T00:00:00
db:	CNNVD	id:	CNNVD-202101-1151	date:	2021-01-14T00:00:00
db:	NVD	id:	CVE-2020-29495	date:	2021-01-14T21:15:13.600