Vulnerability Details : CVE-2021-36317
Dell EMC Avamar Server version 19.4 contains a plain-text password storage vulnerability in AvInstaller. A local attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.
Products affected by CVE-2021-36317
- cpe:2.3:a:dell:emc_avamar_server:19.4:*:*:*:*:*:*:*
- cpe:2.3:a:dell:emc_powerprotect_data_protection_appliance:2.7:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-36317
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 6 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-36317
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1
|
LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N |
3.9
|
2.9
|
NIST | |
6.7
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
0.8
|
5.9
|
NIST | |
6.7
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
0.8
|
5.9
|
Dell |
CWE ids for CVE-2021-36317
-
Storing a password in plaintext may result in a system compromise.Assigned by: security_alert@emc.com (Secondary)
-
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-36317
-
https://security.gentoo.org/glsa/202210-09
Rust: Multiple Vulnerabilities (GLSA 202210-09) — Gentoo securityThird Party Advisory
-
https://www.dell.com/support/kbdoc/000193369
DSA-2021-204: Dell EMC Avamar, Dell EMC NetWorker Virtual Edition (NVE), and Dell EMC PowerProtect DP Series Appliance or Dell EMC Integrated Data Protection Appliance (IDPA) Security Update for MultiPatch;Vendor Advisory
Jump to