SANS ISC: VMware Affected by Dell EMC Avamar Vulnerability

• SANS Site Network
  • Current Site
  • SANS Internet Storm Center
  • Other SANS Sites Help
  • Graduate Degree Programs
  • Security Training
  • Security Certification
  • Security Awareness Training
  • Penetration Testing
  • Industrial Control Systems
  • Cyber Defense Foundations
  • DFIR
  • Software Security
  • Government OnSite Training

SANS ISC InfoSec Forums

VMware notified us that they released a new security bulletin[1] (rated as "critical") which affects vSphere Data Protection (VDP).

VDP is vulnerable because it is based on Dell EMC Avamar Virtual Edition. Multiple vulnerabilities have been disclosed today in this solution:

• A remote code execution vulnerability (CVE-2018-11066): A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary commands on the server.
• An open redirection vulnerability (CVE-2018-11067): A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites.

Patches are available for both products.

This is a perfect example of how a product 'A' can affect a product 'B' when technologies are reused across multiple solutions.

[1] https://www.vmware.com/security/advisories/VMSA-2018-0029.html
[2] https://seclists.org/fulldisclosure/2018/Nov/49

Xavier Mertens (@xme)
Senior ISC Handler - Freelance Cyber Security Consultant
PGP Key