BID:104526

Multiple Dell EMC Products CVE-2018-1217 Authentication Bypass Vulnerability

Info

Multiple Dell EMC Products CVE-2018-1217 Authentication Bypass Vulnerability

Bugtraq ID:	104526
Class:	Input Validation Error
CVE:	CVE-2018-1217
Remote:	Yes
Local:	No
Published:	Apr 05 2018 12:00AM
Updated:	Apr 05 2018 12:00AM
Credit:	Kapil Khot from Qualys Vulnerability Signature/Research Team
Vulnerable:	Dell EMC Integrated Data Protection Appliance 2.1 Dell EMC Integrated Data Protection Appliance 2.0 Dell EMC Avamar 7.5 Dell EMC Avamar 7.4.1 Dell EMC Avamar 7.3.1

Not Vulnerable:

Discussion

Multiple Dell EMC Products CVE-2018-1217 Authentication Bypass Vulnerability

Multiple Dell EMC Products are prone to an authentication-bypass vulnerability.

An attacker can exploit this issue to bypass authentication mechanism and perform unauthorized actions. This may lead to further attacks.

The following products and versions are vulnerable:

Dell EMC Avamar Server 7.3.1, 7.4.1, and 7.5.0
Dell EMC Integrated Data Protection Appliance 2.0, and 2.1

Exploit / POC

Multiple Dell EMC Products CVE-2018-1217 Authentication Bypass Vulnerability

The researcher who discovered this issue has created a proof-of-concept. Please see the references for more information.

Solution / Fix

Multiple Dell EMC Products CVE-2018-1217 Authentication Bypass Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

References

Multiple Dell EMC Products CVE-2018-1217 Authentication Bypass Vulnerability

References:

Dell EMC Avamar and Integrated Data Protection Appliance Installation Manager (Exploit DB)
Dell Homepage (Dell)
DSA-2018-025: Dell EMC Avamar and Integrated Data Protection Appliance (Seclists.org)