CVE-2021-36318
Description
Dell EMC Avamar versions 18.2, 19.1, 19.2, 19.3, 19.4 contain a plain-text password storage vulnerability. A high privileged user could potentially exploit this vulnerability, leading to a complete outage.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Dell EMC Avamar versions 18.2 through 19.4 store passwords in plain text, allowing a high-privileged local attacker to cause a complete outage.
Vulnerability
Dell EMC Avamar Server versions 18.2, 19.1, 19.2, 19.3, and 19.4 contain a plain-text password storage vulnerability [1]. The affected component is not specified in the available references, but the vulnerability resides in the storage of passwords in an unencrypted form. Exploitation requires high privileges.
Exploitation
An attacker with high privileges (e.g., administrative access) on the local system can exploit this vulnerability by accessing the stored plain-text passwords [1]. The CVSS vector indicates local access (AV:L) and low complexity (AC:L), with no user interaction required (UI:N). The exact steps are not detailed, but the attacker would need to read the password storage location.
Impact
Successful exploitation leads to a complete outage of the Avamar server [1]. The CVSS score is 6.7, and the vector rates the impact on confidentiality, integrity, and availability as high (C:H/I:H/A:H). The attacker can potentially use the exposed credentials to further compromise the system.
Mitigation
Dell has released a security update as part of DSA-2021-204 [1]. Users should apply the latest patches from Dell. The fixed versions are not explicitly listed in the reference, but upgrading to the latest supported version is recommended. No workaround is mentioned.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (2)
- (no CPE) range: 18.2, 19.1, 19.2, 19.3, 19.4
- (no CPE) range: unspecified
Patches
No patches discovered yet.
References (2)
- security.gentoo.org/glsa/202210-09 (mitre, vendor-advisory)
- www.dell.com/support/kbdoc/000193369 (mitre)