Dell EMC patches vulnerabilities in its data protection products

Researchers have discovered several vulnerabilities in Dell EMC’s data protection products that would allow an attacker to gain full control of the system. Fortunately, a fix is available now for download.

The vulnerabilities, three in all, were disclosed on Jan. 4 by the security technology and services firm Digital Defense. They effect Dell EMC’s Avamar Server, NetWorker Virtual Edition, and Integrated Data Protection Appliance, which use a common component called Avamar Installation Manager. This is the problematic app.

In addition to this, a related problem in the VMware vSphere Data Protection backup product has also been uncovered, but it has already been patched.

How attackers could exploit the vulnerabilities

Through the vulnerabilities in user authentication, attackers could obtain information stored inside the appliances, such as server data.

Leave a Reply

Your email address will not be published. Required fields are marked *