Dell Avamar / AVE < 19.10 Hotfix 338869 Multiple Vulnerabilities (DSA-2024-489)

high Nessus Plugin ID 213006

Synopsis

A backup solution running on the remote host is affected by multiple vulnerabilities.

Description

According to its self-reported version number, the Dell Avamar or Avamar Virtual Edition (AVE) software running on the remote host is 19.x prior to 19.10 Hotfix 338869 (19.10.0.166). It is, therefore, affected by multiple vulnerabilities:

- Dell Avamar, version(s) 19.9, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution. (CVE-2024-47977)

- Dell Avamar, version(s) 19.9, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Command execution. (CVE-2024-47484)

- Dell Avamar, version(s) 19.9, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection. (CVE-2024-52538)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to EMC Avamar ADS / AVE version 7.3.1 Hotfix 290316 (7.3.1.125) / 7.4.1 Hotfix 291882 (7.4.1.58) / 7.5.0 Hotfix 291881 (7.5.0.183) or later.

See Also

http://www.nessus.org/u?27c4c1fe

Plugin Details

Severity: High

ID: 213006

File Name: emc_avamar_dsa-2024-489.nasl

Version: 1.1

Type: combined

Family: Misc.

Published: 12/13/2024

Updated: 12/13/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: High

Base Score: 8.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:P

CVSS Score Source: CVE-2024-47484

CVSS v3

Risk Factor: High

Base Score: 8.2

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L

Vulnerability Information

CPE: cpe:/a:emc:avamar, cpe:/a:emc:avamar_server_virtual_edition, cpe:/a:emc:avamar_data_store

Required KB Items: installed_sw/EMC Avamar

Patch Publication Date: 12/10/2024

Vulnerability Publication Date: 12/10/2024

Reference Information

CVE: CVE-2024-47484, CVE-2024-47977, CVE-2024-52538

IAVA: 2024-A-0795