Software Engineering Institute

Class 5 AVR

Secure Elements Class 5 AVR (Automated Vulnerability Remediation) is a security product that monitors and enforces security policies on network assets. Class 5 AVR is now known as C5 EVM (Enterprise Vulnerability Management). The Class 5 AVR software includes both server and client components.

Class 5 AVR client

The Class 5 AVR client listens on 60000/udp and an additional tcp port. This client receives commands sent by the Class 5 AVR server.

Class 5 AVR server

The Class 5 AVR server is available as an appliance or as software that runs on commodity hardware. The Class 5 AVR server contains information about network assets, vulnerabilities, and remediation history.

The problem

The Class 5 AVR client is identified by a property called the CEID. This identifier is predictable.

An attacker may be able to leverage the knowledge of a client's CEID to aid in the completion of other attacks on Class 5 AVR.

Upgrade or patch
This issue has been resolved in C5 EVM 2.8.1.