[SingCERT] Advisory On Critical Zero-day Vulnerabilities Within Dell EMC Data Protection Suite

Published on Tuesday, 09 January 2018 20:14

Background

On 5 January 2018, a group of security researchers published their discovery of a set of critical zero-day vulnerabilities in the Dell EMC Data Protection Suite Family products. Together, these vulnerabilities allow attackers to fully compromise systems. The Dell EMC Data Protection Suite is a product set for enterprises to protect data and critical applications.

The first vulnerability, CVE-2017-15548, is an authentication bypass bug in the software's SecurityService. It allows attackers to remotely target the server and trick the authentication service into giving them administrator rights. The second vulnerability, CVE-2017-15549, allows attackers to remotely upload arbitrary maliciously crafted files to arbitrary locations in UserInputService with root privileges. The third bug, CVE-2017-15550, is an authenticated arbitrary file access issue in UserInputService that allows attackers to remotely access and download arbitrary files on the server file system.

Affected Products

  • Dell EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0
  • NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x
  • Integrated Data Protection Appliance 2.0

Impact

An attacker who has successfully exploited these vulnerabilities can gain control of the system and perform a variety of malicious tasks remotely, such as uploading malicious files and downloading any file on the system. When all three vulnerabilities are combined, the attacker is able to modify the configuration file and completely compromise the affected system.

Recommendations

Dell has released security fixes to address these vulnerabilities. Administrators are advised to download the fixes from here (requires Dell EMC Online Support credentials).

References

https://www.theregister.co.uk/2018/01/05/dell_data_protection_suite_patched/