EMC Avamar Directory Traversal Vulnerability Fixed by 7.1.2


Description   A directory traversal vulnerability was reported in EMC Avamar.
A remote attacker could exploit it, via a specially crafted string in unspecified parameters, to access files on the system with high privileges.
This vulnerability is exploitable with the Avamar Desktop/Laptop client.
     
Vulnerable Products   Vulnerable Software:
Avamar (EMC) - 7.0, 7.1, 7.1.1-145
     
Solution   EMC has released version 7.1.2 of Avamar Server which fixes this vulnerability.
     
CVE   CVE-2015-4527
     
References   - ESA-2015-118: EMC Avamar Directory Traversal Vulnerability
http://seclists.org/bugtraq/2015/Jul/att-110/ESA-2015-118.txt
     
Vulnerability Manager Detection   No
     
IPS Protection
ASQ Engine alarm                                           Available Since
Misc : Directory traversal - parameter starting with ../   3.2.0
Directory traversal using ..\..                            3.2.0
Directory traversal                                        3.2.0
Directory traversal backward root folder                   3.2.0
     


 
 
 
 
Risk level   Moderate

Vulnerability First Public Report Date   2015-07-22

Target Type   Server

Possible exploit   Remote