Vulnerability Details: CVE-2016-0906
The web-restore interface in Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar through 7.1.2 and 7.2.x through 7.2.1 allows remote authenticated users to read or delete directories via a Linux backup-restore operation.
Products affected by CVE-2016-0906
- cpe:2.3:a:emc:avamar:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-0906
- 0.40%: probability of exploitation activity in the next 30 days
- ~58%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-0906
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P | 8.0 | 6.4 | NIST | |
8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 | NIST | |
CWE ids for CVE-2016-0906
- The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-0906
- http://seclists.org/bugtraq/2016/Jul/33
  Bugtraq: ESA-2016-054: EMC Avamar Data Store and Avamar Virtual Edition Unauthorized Data Access Vulnerability
- http://www.securitytracker.com/id/1036235
  EMC Avamar Backup Restoration Flaw Lets Remote Authenticated Users Read and Delete Files on the Target System - SecurityTracker