Unauthenticated Remote Access to EMC Avamar Server Software Maintenance Page

Unauthenticated Remote Access to EMC Avamar Server Software Maintenance Page

CVE-2017-4989 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

In EMC Avamar Server Software 7.3.1-125, 7.3.0-233, 7.3.0-226, 7.2.1-32, 7.2.1-31, 7.2.0-401, an unauthenticated remote attacker may potentially bypass the authentication process to gain access to the system maintenance page. This may be exploited by an attacker to view sensitive information, perform software updates, or run maintenance workflows.

Learn more about our Cis Benchmark Audit For Server Software.