Today Digital Defense is publishing six zero-day vulnerabilities found in the Dell EMC VMAX Management Product family that our vulnerability research team discovered and brought to the attention of Dell EMC. Dell EMC has been extremely professional and worked diligently with Digital Defense engineering staff to understand, resolve and verify the fixes for these security issues.

Dell EMC has confirmed they will be releasing an update for these flaws in the near future. Dell EMC follows coordinated disclosure practices and requests that the above information be treated with strict confidentiality until complete resolutions are available for customers and have been published by the EMC Product Security Response Center through the appropriate coordinated disclosure process. For more details on EMC Vulnerability Response Policy see https://www.emc.com/products/security/product-security-response-center.htm. Please contact EMC technical support representatives for further details.

Clients who currently use our Frontline™ VM platform, or prospects using our trial-system to check their external networks, can sweep for the presence of all of these issues by performing a full vulnerability assessment scan.

Details of the vulnerabilities are as follows:
Vendor: EMC
Product: VMAX Management Product Family
Version Tested: 8.1.2.3
Link: http://www.emc.com/storage/symmetrix-vmax/management.htm

Brief product description:

  • Unisphere for VMAX provides a web based management interface to provision, manage and monitor VMAX storage systems.
  • vApp Manager is a configuration and support tool for VMware vApp deployments.

Summary:

  1. DDI-VRT-2016-61: Unauthenticated XML External Entity Injection via Crafted AMF Message (GraniteDS library, CVE-2016-2340) (High)
  2. DDI-VRT-2016-62: Unauthenticated Command Execution in GetSymmCmdRequest via Crafted AMF Message (Critical)
  3. DDI-VRT-2016-63: Authenticated Command Execution in GeneralCmdRequest via Crafted AMF Message (High)
  4. DDI-VRT-2016-64: Authenticated Command Execution in PersistantDataRequest via Crafted AMF Message (High)
  5. DDI-VRT-2016-65: Authenticated Command Execution in GetCommandExecRequest via Crafted AMF Message (High)
  6. DDI-VRT-2016-66: Authentication Bypass in the RemoteServiceHandler Class (Critical)

Vulnerability: Unauthenticated XML External Entity Injection via Crafted AMF Message
(CVE-2016-2340, GraniteDS library, granite-core-2.2.1.GA.jar)

Product versions affected: Unisphere for VMAX 8.0.x – 8.2.x

Impact: Arbitrary file retrieval with root privileges and denial of service.

Details: No authentication is required to exploit this vulnerability. The Unisphere for VMAX application uses the GraniteDS library to provide server-side support for the Flash-based portion of the Unisphere web application. The version of the library used by the application does not prevent the use of XML external entities, which allows an attacker to retrieve arbitrary text files from the virtual appliance with root privileges.


Vulnerability: Unauthenticated Command Execution in GetSymmCmdRequest via Crafted AMF Message
Product versions affected: vApp Manager 8.0.x – 8.2.x
Impact: Arbitrary command execution with root privileges, complete compromise of the virtual appliance.

Details: No authentication is required to exploit this vulnerability. The EMC vApp Manager for Unisphere for VMAX web app runs on port 5480, and its Flash-based user interface uses the AMF protocol to communicate with the server. The server-side implementation is located in EMC_SE_SERVER.jar. The GetSymmCmdRequest AMF message takes two parameters: the first is a string array containing the command and its arguments, and the second is a placeholder for the command output. The GetSymmCmdCommand class then executes the command using the ExecUtil class, which calls Java's Runtime.exec method with the string array as its argument before returning the output to the client. No validation is performed on the input to this command.


Vulnerability: Authenticated Command Execution in GeneralCmdRequest via Crafted AMF Message
Product versions affected: vApp Manager 8.0.x – 8.2.x
Impact: Arbitrary command execution with root privileges, complete compromise of the virtual appliance.

Details: Authentication is required to exploit this vulnerability; however, this requirement is easily bypassed using another vulnerability to add a new admin user without authentication. The EMC vApp Manager for Unisphere for VMAX web app runs on port 5480, and its Flash-based user interface uses the AMF protocol to communicate with the server. The server-side implementation is located in EMC_SE_SERVER.jar. The GeneralCmdRequest AMF message takes four parameters: the first is a string array containing the command and its arguments, the second is a placeholder for the command output, the third is an integer representing the request type, and the fourth is an ArrayList used to store the output from parsing a license file when the request type is 47. The GeneralCmdCommand class then executes the command using the ExecUtil class, which calls Java's Runtime.exec method with the string array as its argument before returning the output to the client. No validation is performed on the input to this command.


Vulnerability: Authenticated Command Execution in PersistantDataRequest via Crafted AMF Message
Product versions affected: vApp Manager 8.0.x – 8.2.x
Impact: Arbitrary command execution with root privileges, complete compromise of the virtual appliance.

Details: Authentication is required to exploit this vulnerability; however, this requirement is easily bypassed using another vulnerability to add a new admin user without authentication. The EMC vApp Manager for Unisphere for VMAX web app runs on port 5480, and its Flash-based user interface uses the AMF protocol to communicate with the server. The server-side implementation is located in EMC_SE_SERVER.jar. The PersistantDataRequest AMF message takes three parameters: the first is a string array containing the command and its arguments, the second is a placeholder for the command output, and the third is an integer representing the request type. The PersistantDataCommand class then executes the command using the ExecUtil class, which calls Java's Runtime.exec method with the string array as its argument. No validation is performed on the input to this command.


Vulnerability: Authenticated Command Execution in GetCommandExecRequest via Crafted AMF Message
Product versions affected: vApp Manager 8.0.x – 8.2.x
Impact: Arbitrary command execution with root privileges, complete compromise of the virtual appliance.

Details: Authentication is required to exploit this vulnerability; however, this requirement is easily bypassed using another vulnerability to add a new admin user without authentication. The EMC vApp Manager for Unisphere for VMAX web app runs on port 5480, and its Flash-based user interface uses the AMF protocol to communicate with the server. The server-side implementation is located in EMC_SE_SERVER.jar. The GetCommandExecRequest AMF message takes three parameters: the first is a string array containing the command and its arguments, the second is a placeholder for the command output, and the third is an integer representing the request type. The GetCommandExecCommand class then executes the command using the ExecUtil class, which calls Java's Runtime.exec method with the string array as its argument before returning the output to the client. No validation is performed on the input to this command.


Vulnerability: Authentication Bypass in the RemoteServiceHandler Class
Product versions affected: vApp Manager 8.0.x – 8.2.x
Impact: Arbitrary command execution with root privileges, ability to add new admin users, and complete compromise of the virtual appliance.

Details: The EMC vApp Manager for Unisphere for VMAX web app runs on port 5480, and its Flash-based user interface uses the AMF protocol to communicate with the server. The server-side implementation is located in EMC_SE_SERVER.jar. The RemoteServiceHandler class handles AMF messages using the “executeCommand” operation. This class verifies that the client session is valid only for the GeneralCmdRequest, GetCommandExecRequest, and PersistantDataRequest AMF messages. The lack of session validation for other AMF message types allows unauthenticated users to bypass authentication and invoke several other classes, such as UserManagementRequest (which can be used to add a new admin user) and GetSymmCmdRequest (arbitrary root command execution).
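The two root causes in the vApp Manager findings above are an allowlist-style session check (only named message types are validated) and client-supplied argv reaching Runtime.exec. The following is an added example (not Dell EMC's code) showing the inverse of both: deny-by-default session validation, and a server-side command table where the client only names a pre-approved action. The exempt message types LoginRequest and VersionRequest, the command ids, and the in-memory session store are assumptions; Java 9 or later is required for Set.of and Map.of.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;

public class DenyByDefaultHandler {
    // Message types allowed without a session (assumed names); everything else needs one.
    private static final Set<String> ANONYMOUS_OK = Set.of("LoginRequest", "VersionRequest");
    // Server-side table of permitted commands: the client names an entry by id and
    // never supplies the argv that reaches Runtime.exec.
    private static final Map<String, List<String>> COMMANDS =
        Map.of("disk-usage", List.of("/bin/df", "-h"), "uptime", List.of("/usr/bin/uptime"));
    // An optional argument may not begin with '-' (so it cannot be read as an option)
    // and is limited to a conservative character set.
    private static final Pattern SAFE_ARG = Pattern.compile("^[A-Za-z0-9._/][A-Za-z0-9._/-]{0,63}$");

    private final Set<String> liveSessions; // stands in for the real session store (assumed)
    DenyByDefaultHandler(Set<String> liveSessions) { this.liveSessions = liveSessions; }

    // Deny by default: every message type is checked unless explicitly exempted.
    public void requireSession(String messageType, String sessionId) {
        if (ANONYMOUS_OK.contains(messageType)) return;
        if (sessionId == null || !liveSessions.contains(sessionId)) {
            throw new SecurityException("valid session required for " + messageType);
        }
    }

    // Map a command id plus optional argument to an argv that the server itself chose.
    public List<String> resolveCommand(String commandId, String arg) {
        List<String> base = COMMANDS.get(commandId);
        if (base == null) throw new IllegalArgumentException("unknown command id: " + commandId);
        List<String> argv = new ArrayList<>(base);
        if (arg != null) {
            if (!SAFE_ARG.matcher(arg).matches()) throw new IllegalArgumentException("argument rejected");
            argv.add(arg);
        }
        return argv;
    }

    public static void main(String[] args) {
        DenyByDefaultHandler h = new DenyByDefaultHandler(Set.of("sess-1")); // constructed store
        h.requireSession("LoginRequest", null);            // exempt, passes
        h.requireSession("GetSymmCmdRequest", "sess-1");   // authenticated, passes
        System.out.println(h.resolveCommand("disk-usage", "/var"));
        try { h.requireSession("UserManagementRequest", null); }
        catch (SecurityException e) { System.out.println("denied: " + e.getMessage()); }
        try { h.resolveCommand("disk-usage", "/var;echo"); }
        catch (IllegalArgumentException e) { System.out.println("denied: " + e.getMessage()); }
    }
}
```

The unauthenticated UserManagementRequest and the argument containing a disallowed character are both refused before anything is executed, which is the behaviour the RemoteServiceHandler and the *CmdCommand classes described above lack.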