Zero-Day Vulnerabilities In Dell EMC Data Protection Suite Family Products Disclosed by Digital Defense, Inc. Researchers

By   ISBuzz Team
Writer , Information Security Buzz | Jan 08, 2018 02:00 am PST

Digital Defense, Inc., a leading security technology and services provider today announced that its Vulnerability Research Team (VRT) uncovered three previously undisclosed vulnerabilities within Dell EMC Data Protection Suite Family products. Combining the three identified vulnerabilities, full compromise of the affected system is possible by modifying the configuration file.

What You Can Do

Dell EMC Avamar Server, NetWorker Virtual Edition and Integrated Data Protection Appliance contain a common component, Avamar Installation Manager (AVI), which is vulnerable to the disclosed vulnerabilities. Dell EMC has released security fixes to address these vulnerabilities. The security fixes can be obtained through security advisory ESA-2018-001(requires Dell EMC Online Support credentials).   Digital Defense’s Frontline Vulnerability Manager™ includes a check for the vulnerabilities.

Mike Cotton, Vice President of Engineering at Digital Defense said, “Dell EMC has been extremely prompt and diligent in addressing the vulnerabilities. Working closely with Digital Defense engineering staff, Dell EMC identified additional product versions impacted and collaborated to resolve and verify the fixes for the security issues.”

Digital Defense Research Methodology and Practices

The Digital Defense VRT regularly works with organizations in the responsible disclosure of zero-day vulnerabilities. The expertise of the VRT when coupled with the company’s next generation hybrid cloud platform, Frontline Vulnerability Manager, enables early detection capabilities. When zero-days are discovered and internally validated, the VRT immediately contacts the affected vendor to notify the organization of the new finding(s) and then assists, wherever possible, with the vendor’s remediation actions.

Notify of
0 Expert Comments
Inline Feedbacks
View all comments

Recent Posts

Would love your thoughts, please comment.x