VYPR
Unrated severity · NVD Advisory · Published Dec 21, 2021 · Updated Sep 16, 2024

CVE-2021-36317

Description

Dell EMC Avamar Server version 19.4 contains a plain-text password storage vulnerability in AvInstaller. A local attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Dell EMC Avamar Server 19.4 stores credentials in plain text in AvInstaller, enabling local attackers to disclose and reuse user credentials.

Vulnerability

CVE-2021-36317 is a plain-text password storage vulnerability in the AvInstaller component of Dell EMC Avamar Server version 19.4. The software stores certain user credentials in an unencrypted (plain-text) format, violating secure storage practices. This flaw affects only Avamar Server 19.4 [1].

Exploitation

An attacker must have local access to the affected Avamar Server and sufficient privileges to read the stored configuration files. No special network position or user interaction is required beyond local authentication. The attacker can locate the plain-text credentials within the AvInstaller data and extract them [1].

Impact

Successful exploitation leads to disclosure of user credentials. The attacker can then use those credentials to access the vulnerable application or other associated services with the privileges of the compromised account. Because the attacker already has local access, the additional credential exposure may allow privilege escalation or lateral movement within the environment. The CVSS 3.1 vector (AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) indicates potential for high confidentiality, integrity, and availability impact [1].

Mitigation

Dell has released a security update as part of DSA-2021-204 on 2021-12-21. Users should upgrade to the fixed version of Dell EMC Avamar Server or apply the vendor-provided patch. The advisory does not note any interim workaround. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog as of the publication date [1].

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

3

References

2
