CVE-2016-10730
7.8
HIGH
CVSS 3.1
EPSS 0.11%
Description
An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. Amstar is an Amanda Application API script. It should not be run by users directly. It uses star to backup and restore data. It runs binaries with root permissions when parsing the command line argument --star-path.
How to fix CVE-2016-10730
To remediate CVE-2016-10730, upgrade the affected package to a fixed version below.
- —upgrade to 1:3.3.9-1 or later
Is CVE-2016-10730 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1:3.3.9-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.8 | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |