CVE-2019-3752

8.2 HIGH

📋 TL;DR

This XXE vulnerability in Dell EMC Avamar Server and IDPA allows remote unauthenticated attackers to cause denial of service or information disclosure by sending specially crafted XML requests. Affected systems include Avamar Server versions 7.4.1 through 19.1 and IDPA versions 2.0 through 2.4.

💻 Affected Systems

Products:
  • Dell EMC Avamar Server
  • Dell EMC Integrated Data Protection Appliance (IDPA)
Versions: Avamar Server: 7.4.1, 7.5.0, 7.5.1, 18.2, 19.1; IDPA: 2.0, 2.1, 2.2, 2.3, 2.4
Operating Systems: Not specified - appliance-based
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations are vulnerable. No special configuration required for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote unauthenticated attacker could read arbitrary files from the server, potentially including sensitive configuration files or credentials, leading to full system compromise.

🟠 Likely Case

Denial of service through resource exhaustion or limited information disclosure from accessible files.

🟢 If Mitigated

No impact if systems are patched or properly firewalled from untrusted networks.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending specially crafted XML to vulnerable endpoints. No authentication required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Avamar Server 19.2 and later; IDPA 2.5 and later

Vendor Advisory: https://www.dell.com/support/security/en-us/details/537853/DSA-2019-119-Dell-EMC-Avamar-XML-External-Entity-Injection-Vulnerability

Restart Required: Yes

Instructions:

1. Download latest patches from Dell support portal.
2. Apply patches according to Dell documentation.
3. Restart affected services.
4. Verify patch installation.

🔧 Temporary Workarounds

Network Segmentation (all)

Restrict network access to Avamar/IDPA management interfaces to trusted IPs only

XML Input Validation (all)

Implement XML schema validation and disable external entity processing in XML parsers

🧯 If You Can't Patch

  • Implement strict network access controls to limit exposure
  • Monitor for unusual XML traffic patterns and file access attempts

🔍 How to Verify

Check if Vulnerable:

Check the Avamar/IDPA version against the affected versions list. If the system runs an affected version and is exposed to the network, assume it is vulnerable.

Check Version:

Check via Avamar/IDPA web interface or administrative console

Verify Fix Applied:

Verify version is Avamar Server 19.2+ or IDPA 2.5+. Test with controlled XXE payload if possible.

📡 Detection & Monitoring

Log Indicators:

  • Unusual XML parsing errors
  • Multiple failed XML requests
  • File access attempts via XML parsing

Network Indicators:

  • XML requests with DTD declarations
  • External entity references in XML

SIEM Query:

source="avamar" AND (xml OR dtd OR xxe) AND (error OR fail OR exception)
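
The network indicators listed above (DTD declarations and external entity references) can be checked on captured XML request bodies as follows. This is an added example, not code from Dell or from this advisory; the function names and the sample bodies are constructed for illustration. It decodes UTF-16 bodies before matching, because a byte-level search for `<!DOCTYPE` does not see them.

```python
import codecs
import re

# Patterns for the two network indicators named on this page.
DOCTYPE_RE = re.compile(r"<!DOCTYPE\b", re.I)
EXTERNAL_DTD_RE = re.compile(r"<!DOCTYPE\s+[\w.:-]+\s+(?:SYSTEM|PUBLIC)\b", re.I)
EXTERNAL_ENTITY_RE = re.compile(
    r"<!ENTITY\s+(?:%\s+)?[\w.:-]+\s+(?:SYSTEM|PUBLIC)\b", re.I)

BOMS = [(codecs.BOM_UTF8, "utf-8"),
        (codecs.BOM_UTF16_LE, "utf-16-le"),
        (codecs.BOM_UTF16_BE, "utf-16-be")]


def decode_body(body):
    """Decode a request body to text, honouring a BOM or a UTF-16 '<' prefix."""
    for bom, enc in BOMS:
        if body.startswith(bom):
            return body[len(bom):].decode(enc, errors="replace")
    if body[:2] == b"<\x00":      # BOM-less UTF-16 little-endian
        return body.decode("utf-16-le", errors="replace")
    if body[:2] == b"\x00<":      # BOM-less UTF-16 big-endian
        return body.decode("utf-16-be", errors="replace")
    return body.decode("utf-8", errors="replace")


def xxe_indicators(body):
    """Return the list of indicator names found in one XML request body."""
    text = decode_body(body)
    hits = []
    if DOCTYPE_RE.search(text):
        hits.append("dtd-declaration")
    if EXTERNAL_DTD_RE.search(text):
        hits.append("external-dtd")
    if EXTERNAL_ENTITY_RE.search(text):
        hits.append("external-entity")
    return hits


# Constructed sample bodies (placeholder URLs, not taken from real traffic).
BENIGN = b'<?xml version="1.0"?><request><op>status</op></request>'
INLINE = (b'<?xml version="1.0"?><!DOCTYPE r [<!ENTITY e SYSTEM '
          b'"http://example.invalid/placeholder">]><r>&e;</r>')
EXTERNAL = b'<!DOCTYPE r SYSTEM "http://example.invalid/r.dtd"><r/>'
UTF16_BOM = INLINE.decode("ascii").encode("utf-16")
UTF16_NOBOM = INLINE.decode("ascii").encode("utf-16-le")

if __name__ == "__main__":
    for name in ("BENIGN", "INLINE", "EXTERNAL", "UTF16_BOM", "UTF16_NOBOM"):
        print(name, xxe_indicators(globals()[name]))
```

A hit on "dtd-declaration" alone is worth reviewing on an interface whose legitimate clients never send a DTD; the two external-reference hits correspond to the second indicator in the list.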
