Recent vulnerabilities that affect certain Dell EMC data protection products have been identified and patches are now available for download.
A set of three vulnerabilities discovered earlier by the Digital Defense Inc. security company, that were identified on Dell EMC’s Data Protection Suite Family products have been now officially patched. Dell EMC has already made these patches available for download and is instructing their users to apply them.
Dubbed as the Avamar Zero-Day vulnerabilities, the three are user authentication vulnerabilities which could allow attackers to obtained stored information. The affected products include the Dell EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4. x, 7.5.0, the NetWorker Virtual Edition 0.x, 9.1.x, 9.2.x and the Integrated Data Protection Appliance 2.0.
These issues are unrelated to the recently discovered Meltdown and Spectre issues that affect CPUs but present a big issue considering that they target the Avamar Installation Manager (AVI).
As noted, Digital Defense and Dell EMC have already fixed the issue but those running these Dell EMC products should patch them immediately. Digital Defense has also uncovered a related issue with VMware’s vSphere Data Protection which has been already been patched as well.