Zero-Day Vulnerabilities In Dell EMC Data Protection Suite Family Products Disclosed by Digital Defense, Inc. Researchers

Digital Defense, Inc., a leading security technology and services provider, today announced that its Vulnerability Research Team (VRT) uncovered three previously undisclosed vulnerabilities within Dell EMC Data Protection Suite Family products. When the three identified vulnerabilities are combined, full compromise of the affected system is possible by modifying the configuration file.

What You Can Do

Dell EMC Avamar Server, NetWorker Virtual Edition and Integrated Data Protection Appliance contain a common component, Avamar Installation Manager (AVI), which is affected by the disclosed vulnerabilities. Dell EMC has released security fixes to address these vulnerabilities. The security fixes can be obtained through security advisory ESA-2018-001 (requires Dell EMC Online Support credentials). Digital Defense’s Frontline Vulnerability Manager™ includes a check for the vulnerabilities.

Mike Cotton, Vice President of Engineering at Digital Defense, said, “Dell EMC has been extremely prompt and diligent in addressing the vulnerabilities. Working closely with Digital Defense engineering staff, Dell EMC identified additional product versions impacted and collaborated to resolve and verify the fixes for the security issues.”

Digital Defense Research Methodology and Practices

The Digital Defense VRT regularly works with organizations in the responsible disclosure of zero-day vulnerabilities. The expertise of the VRT, when coupled with the company’s next-generation hybrid cloud platform, Frontline Vulnerability Manager, enables early detection capabilities. When zero-days are discovered and internally validated, the VRT immediately contacts the affected vendor to notify the organization of the new finding(s) and then assists, wherever possible, with the vendor’s remediation actions.