CVE-2017-15549

Name: CVE-2017-15549
Creator: NVD / NIST
Published: 2018-01-05T17:29:00.253+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 5.53%

Last modified Jun 17, 2026

CVE-2017-15549 is a vulnerability of currently unknown severity. An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could potentially upload arbitrary maliciously crafted files in any location on the server file system.. EPSS estimates a 5.53% chance of exploitation in the next 30 days.

Description

An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could potentially upload arbitrary maliciously crafted files in any location on the server file system.

Metrics

EPSS Probability

5.53%

91.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-434

Affected Software

Vendor	Product	Versions	Update
Emc	Avamar Server	7.1-21	Sp2
Emc	Avamar Server	7.1-145	Sp1
Emc	Avamar Server	7.1-302	—
Emc	Avamar Server	7.1-370	—
Emc	Avamar Server	7.2-32	Sp1
Emc	Avamar Server	7.2-309	—
Emc	Avamar Server	7.2-401	—
Emc	Avamar Server	7.3-125	Sp1
Emc	Avamar Server	7.3-211	—
Emc	Avamar Server	7.3-226	—
Emc	Avamar Server	7.3-233	—
Emc	Avamar Server	7.4-58	Sp1
Emc	Avamar Server	7.4-242	—
Emc	Avamar Server	7.5-183	—
Emc	Integrated Data Protection Appliance	2.0	—
Emc	Networker	9.0	—
Emc	Networker	9.1	—
Emc	Networker	9.2	—

References

http://seclists.org/fulldisclosure/2018/Jan/17Issue Tracking, Mailing List, Third Party Advisory
http://www.securityfocus.com/bid/102363Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1040070Third Party Advisory, VDB Entry
http://seclists.org/fulldisclosure/2018/Jan/17Issue Tracking, Mailing List, Third Party Advisory
http://www.securityfocus.com/bid/102363Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1040070Third Party Advisory, VDB Entry

Timeline

Published: Jan 5, 2018
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2017-15549?

How severe is CVE-2017-15549?

Severity scoring for CVE-2017-15549 is pending analysis. The EPSS model estimates a 5.53% probability of exploitation in the next 30 days.

How do I fix CVE-2017-15549?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2017-15549?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST