Access Token Reuse Vulnerability in Dell Avamar AUI
CVE-2025-21117

6.6MEDIUM

Key Information:

Vendor: Dell
Status: Avamar
Vendor: CVE Published:; 5 February 2025

Summary

Dell Avamar, starting from version 19.4, is impacted by a vulnerability in the AUI, allowing a low-privileged local attacker to potentially exploit access token reuse. This security flaw could enable attackers to impersonate legitimate users, posing a significant security risk. It is crucial for users of the affected versions to assess their security measures and apply the necessary updates to mitigate this vulnerability.

Affected Version(s)

Avamar 19.4

Avamar 19.7

Avamar 19.8

References

https://www.dell.com/support/kbdoc/en-us/000281275/dsa-20...

vendor-advisory

CVSS V3.1

Score:

6.6

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 5, 2025
Vulnerability Reserved
Nov 23, 2024