CVE-2017-15548

Name: CVE-2017-15548
Creator: NVD / NIST
Published: 2018-01-05T17:29:00.223+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 4.70%

Last modified Jun 17, 2026

CVE-2017-15548 is a vulnerability of currently unknown severity. An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote unauthenticated malicious user can potentially bypass application authentication and gain unauthorized root access to the affected systems.. EPSS estimates a 4.70% chance of exploitation in the next 30 days.

Description

An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote unauthenticated malicious user can potentially bypass application authentication and gain unauthorized root access to the affected systems.

Metrics

EPSS Probability

4.70%

90.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-287

Affected Software

Vendor	Product	Versions	Update
Emc	Avamar Server	7.1-21	Sp2
Emc	Avamar Server	7.1-145	Sp1
Emc	Avamar Server	7.1-302	—
Emc	Avamar Server	7.1-370	—
Emc	Avamar Server	7.2-32	Sp1
Emc	Avamar Server	7.2-309	—
Emc	Avamar Server	7.2-401	—
Emc	Avamar Server	7.3-125	Sp1
Emc	Avamar Server	7.3-211	—
Emc	Avamar Server	7.3-226	—
Emc	Avamar Server	7.3-233	—
Emc	Avamar Server	7.4-58	Sp1
Emc	Avamar Server	7.4-242	—
Emc	Avamar Server	7.5-183	—
Emc	Integrated Data Protection Appliance	2.0	—
Emc	Networker	9.0	—
Emc	Networker	9.1	—
Emc	Networker	9.2	—

References

http://seclists.org/fulldisclosure/2018/Jan/17Issue Tracking, Mailing List, Third Party Advisory
http://www.securityfocus.com/bid/102352Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1040070Third Party Advisory, VDB Entry
http://seclists.org/fulldisclosure/2018/Jan/17Issue Tracking, Mailing List, Third Party Advisory
http://www.securityfocus.com/bid/102352Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1040070Third Party Advisory, VDB Entry

Timeline

Published: Jan 5, 2018
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2017-15548?

How severe is CVE-2017-15548?

Severity scoring for CVE-2017-15548 is pending analysis. The EPSS model estimates a 4.70% probability of exploitation in the next 30 days.

How do I fix CVE-2017-15548?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2017-15548?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST