Deserialization of Untrusted Data Vulnerability in Dell EMC Avamar Server and Integrated Data Protection Appliance
CVE-2020-5341

9.8CRITICAL

Key Information:

Vendor: Dell
Status: Avamar Virtual Edition
Vendor: CVE Published:; 28 July 2021

Summary

A deserialization of untrusted data vulnerability exists in specific versions of Dell EMC Avamar Server and Integrated Data Protection Appliance. This security issue allows a remote unauthenticated attacker to exploit the vulnerability by sending a crafted serialized payload, which could lead to unauthorized code execution on the affected systems. Organizations using these products should take immediate steps to apply the necessary patches to mitigate potential risks.

Affected Version(s)

Avamar Virtual Edition < unspecified

References

https://www.dell.com/support/security/en-us/details/54167...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 28, 2021
Vulnerability Reserved
Jan 3, 2020