Sunday , 25 March 2018
Home >> N >> NEWS >> Dell EMC Protection Suite vulnerabilities identified and fast fixed

Dell EMC Protection Suite vulnerabilities identified and fast fixed

A disadvantage in Dell EMC’s Data Protection Suite can be leveraged to totally take over a system, Digital Defense has said.

Researchers during a confidence association pronounced that they were behaving a ‘routine’ check and indicate of a program suite, that is designed to strengthen information and applications in vast enterprises, when they found a flaws and sent them to Dell EMC.

Yes, flaws. The Vulnerability Research Team detected 3 apart weaknesses, that can be total to concede a influenced complement by modifying a pattern file.

The initial disadvantage is an authentication bypass bug famous as CVE-2017-15548, that can be used to remotely aim a server and pretence a authentication use into giving them director rights.

Second is CVE-2017-15549, by that real users can download capricious files with base privileges. A multiple of programming factors means that any record can be downloaded.

Authenticated users can use a third vulnerability, CVE-2017-15550, to upload capricious files to capricious locations in a UserInputService with base privileges. This, total with a other flaws, can lead to a full concede of a system.

Avamar Server, NetWorker Virtual Edition and Integrated Data Protection Appliance are receptive to a exploit, all of that enclose a common exposed member (Avamar Installation Manager). Dell EMC has expelled confidence fixes to residence a problems, that can be reached by confidence advisory ESA-2018-001 (requires Dell EMC Online Support credentials).

Mike Cotton, VP of engineering during Digital Defense, praised Dell EMC’s response: “Dell EMC has been intensely prompt and committed in addressing a vulnerabilities,” he said. “Working closely with Digital Defense engineering staff, Dell EMC identified additional product versions impacted and collaborated to solve and determine a fixes for a confidence issues.”

Further reading



  • <!–

  • Save this article

  • –>

==[ Click Here 1X ] [ Close ]==