Dell EMC Protection Suite vulnerabilities identified and quickly fixed

Digital Defense flagged the weaknesses up to Dell EMC

A vulnerability in Dell EMC's Data Protection Suite can be leveraged to completely take over a system, Digital Defense has said.

Researchers at the security company said that they were performing a ‘routine' check and scan of the software suite, which is designed to protect data and applications in large enterprises, when they found the flaws and sent them to Dell EMC.

Yes, flaws. The Vulnerability Research Team discovered three separate weaknesses, which can be combined to compromise the affected system by modifying the configuration file.

The first vulnerability is an authentication bypass bug known as CVE-2017-15548, which can be used to remotely target the server and trick the authentication service into giving them administrator rights.

Second is CVE-2017-15549, through which authenticated users can download arbitrary files with root privileges. A combination of programming factors means that any file can be downloaded.

Authenticated users can use the third vulnerability, CVE-2017-15550, to upload arbitrary files to arbitrary locations in the UserInputService with root privileges. This, combined with the other flaws, can lead to a full compromise of the system.

Avamar Server, NetWorker Virtual Edition and Integrated Data Protection Appliance are susceptible to the exploit, all of which contain a common vulnerable component (Avamar Installation Manager). Dell EMC has released security fixes to address the problems, which can be reached through security advisory ESA-2018-001 (requires Dell EMC Online Support credentials).

Mike Cotton, VP of engineering at Digital Defense, praised Dell EMC's response: "Dell EMC has been extremely prompt and diligent in addressing the vulnerabilities," he said. "Working closely with Digital Defense engineering staff, Dell EMC identified additional product versions impacted and collaborated to resolve and verify the fixes for the security issues."