Multiple Zero-Day Vulnerabilities within EMC Unisphere for VMAX

By Digital Defense Inc.

San Antonio, TX – October 3, 2016 – Digital Defense, Inc. (DDI), a leading provider of Vulnerability Management as a Service, disclosed the discovery of six previously undiscovered security vulnerabilities in EMC Unisphere for VMAX, the web based management interface to provision, manage and monitor VMAX storage systems. The vulnerabilities discovered could allow unauthorized access to arbitrary file retrieval with root privileges and denial of service.

Dell EMC was swift in its collaboration with DDI and has released two security advisories [ESA-2016-121 and ESA-2016-122] to address these vulnerabilities. These security advisories are accessible to customers on the Dell EMC Online Support website. For more details on the Dell EMC Vulnerability Response policy, please visit:


About the Vulnerabilities

Details surrounding the vulnerabilities are available on the DDI website. Additionally, DDI’s patented scanning technology is capable of detecting all of these vulnerabilities with network and authentication-based scans. Free unauthenticated scans to determine if your external internet-facing systems are exposed to these vulnerabilities are available and easy to implement for rapid results.


Digital Defense Research Methodology and Practices

DDI’s Vulnerability Research Team (VRT) regularly works with organizations in the responsible disclosure of zero-day vulnerabilities. The expertise of DDI’s VRT, when coupled with the company’s next generation hybrid cloud platform, FrontlineVulnerability Manager, enables our early detection capabilities. When zero-days are discovered and internally validated, our VRT immediately contacts the IT platform supplier to notify the organization of the new finding(s) and then VRT assists, wherever possible, with the IT platform supplier’s remediation actions.

“Our team continues to uncover zero-day vulnerabilities, which demonstrates the power of our technology and excellent research capabilities,” states Larry Hurtado, DDI president and CEO. “Our commitment is to stay one step ahead of cybercriminals to ensure the utmost security of our clients and to make the general community aware of issues that could potentially threaten their security.”

Try Frontline.Cloud™ with a Free 14-Day Evaluation

Share This