Threat Level: green Handler on Duty: Renato Marinho

SANS ISC: VMware Affected by Dell EMC Avamar Vulnerability SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
VMware Affected by Dell EMC Avamar Vulnerability

VMware notified us that they released a new security bulletin[1] (rated as "critical") which affects vSphere Data Protection (VDP).

VDP is vulnerable because it is based on Dell EMC Avamar Virtual Edition. Multiple vulnerabilities have been disclosed today in this solution:

  • A remote code execution vulnerability (CVE-2018-11066): A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary commands on the server.
  • An open redirection vulnerability (CVE-2018-11067): A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites.

Patches are available for both products.

This is a perfect example of how a product 'A' can affect a product 'B' when technologies are reused across multiple solutions.

[1] https://www.vmware.com/security/advisories/VMSA-2018-0029.html
[2] https://seclists.org/fulldisclosure/2018/Nov/49

Xavier Mertens (@xme)
Senior ISC Handler - Freelance Cyber Security Consultant
PGP Key

I will be teaching next: Reverse-Engineering Malware: Malware Analysis Tools and Techniques - SANS Amsterdam August 2020 Part 2

Xme

532 Posts
ISC Handler
Nov 20th 2018

Sign Up for Free or Log In to start participating in the conversation!