Zero-Day Vulnerabilities in Dell EMC Data Protection Suite Family Products Disclosed by Digital Defense, Inc. Researchers

By Fortra's Digital Defense

January 5, 2018 – Digital Defense, Inc., a leading security technology and services provider today announced that its Vulnerability Research Team (VRT) uncovered three previously undisclosed vulnerabilities within Dell EMC Data Protection Suite Family products. Combining the three identified vulnerabilities, full compromise of the affected system is possible by modifying the configuration file.

Mike Cotton, Vice President of Engineering at Digital Defense said, “Dell EMC has been extremely prompt and diligent in addressing the vulnerabilities. Working closely with Digital Defense engineering staff, Dell EMC identified additional product versions impacted and collaborated to resolve and verify the fixes for the security issues.”

What You Can Do

Dell EMC Avamar Server, NetWorker Virtual Edition and Integrated Data Protection Appliance contain a common component, Avamar Installation Manager (AVI), which is vulnerable to the disclosed vulnerabilities. Dell EMC has released security fixes to address these vulnerabilities. The security fixes can be obtained through security advisory ESA-2018-001 (requires Dell EMC Online Support credentials).  Digital Defense’s Frontline Vulnerability Manager™ includes a check for the vulnerabilities.

 
Digital Defense Research Methodology and Practices
The Digital Defense VRT regularly works with organizations in the responsible disclosure of zero-day vulnerabilities. The expertise of the VRT when coupled with the company’s next generation hybrid cloud platform, Frontline Vulnerability Manager, enables early detection capabilities. When zero-days are discovered and internally validated, the VRT immediately contacts the affected vendor to notify the organization of the new finding(s) and then assists, wherever possible, with the vendor’s remediation actions.
 

About Digital Defense Serving clients across numerous industries, from small businesses to very large enterprises, Digital Defense’s innovative and leading edge technology helps organizations safeguard sensitive data and eases the burdens associated with information security. Frontline Vulnerability Manager™, the original Vulnerability Management as a Service (VMaaS) platform, delivers consistently accurate vulnerability scanning and penetration testing. The Digital Defense Frontline suite of products, underpinned by patented technology and complemented with unparalleled service and support, are highly-regarded by industry experts, as illustrated by the company’s designation as Best Scan Engine by Frost & Sullivan, top 20 ranking (#16) in Cybersecurity Ventures’ list of the World’s 500 Hottest Cybersecurity Companies, five-star review in SC Magazine, and inclusion in CRN’s MSP 500 Contact Digital Defense at 888-273-1412; visit www.digitaldefense.com, our blog, LinkedIn, or follow @Digital_Defense on Twitter.

Dell, EMC, Dell EMC and other trademarks are trademarks of Dell Inc. or its subsidiaries. All trademarks are the properties of their respective owners.

###

Try Frontline.Cloud™ with a Free 14-Day Evaluation

Share This