Three Vulnerabilities Within Dell EMC Data Protection Suite Family Products
Uncovered by security firm Digital Defense
This is a Press Release edited by StorageNewsletter.com on January 8, 2018 at 2:39 pm
Digital Defense, Inc., a security technology and services provider, announced that its Vulnerability Research Team (VRT) uncovered three previously undisclosed vulnerabilities within Dell EMC Data Protection Suite family products.
When the three identified vulnerabilities are combined, full compromise of the affected system is possible by modifying the configuration file.
What You Can Do
Dell EMC Avamar Server, NetWorker Virtual Edition and Integrated Data Protection Appliance contain a common component, Avamar Installation Manager (AVI), which is vulnerable to the disclosed vulnerabilities. Dell EMC has released security fixes to address these vulnerabilities. The security fixes can be obtained through security advisory ESA-2018-001 (requires Dell EMC Online Support credentials). Digital Defense’s Frontline Vulnerability Manager (registration required) includes a check for the vulnerabilities.
Mike Cotton, VP of engineering, Digital Defense, said: “Dell EMC has been extremely prompt and diligent in addressing the vulnerabilities. Working closely with Digital Defense engineering staff, Dell EMC identified additional product versions impacted and collaborated to resolve and verify the fixes for the security issues.”
Digital Defense Research Methodology and Practices
The VRT regularly works with organizations in the responsible disclosure of zero-day vulnerabilities. The expertise of the VRT when coupled with the company’s next generation hybrid cloud platform, Frontline Vulnerability Manager, enables early detection capabilities. When zero-days are discovered and internally validated, the VRT immediately contacts the affected vendor to notify the organization of the new finding(s) and then assists, wherever possible, with the vendor’s remediation actions.