CVE-2020-5341
high-risk
Published 2021-07-28
Deserialization of Untrusted Data Vulnerability Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2, 19.1 and 19.2 and Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 and 2.4.1 contain a Deserialization of Untrusted Data Vulnerability. A remote unauthenticated attacker could exploit this vulnerability to send a serialized payload that would execute code on the system.
Do I need to act?
!
12.7% chance of exploitation in next 30 days
EPSS score — higher than 87% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10
Critical
NETWORK
/ LOW complexity
Affected Products (13)
Emc Integrated Data Protection Appliance Firmware
Emc Integrated Data Protection Appliance Firmware
Emc Integrated Data Protection Appliance Firmware
Emc Integrated Data Protection Appliance Firmware
Emc Integrated Data Protection Appliance Firmware
Emc Integrated Data Protection Appliance Firmware
Affected Vendors
61
/ 100
high-risk
Severity
32/34 · Critical
Exploitability
12/34 · Low
Exposure
17/34 · Moderate