My next class:
Reverse-Engineering Malware: Advanced Code AnalysisOnline | British Summer TimeJul 28th - Aug 1st 2025

VMware Affected by Dell EMC Avamar Vulnerability

Published: 2018-11-20. Last Updated: 2018-11-20 21:59:45 UTC
by Xavier Mertens (Version: 1)
0 comment(s)

VMware notified us that they released a new security bulletin[1] (rated as "critical") which affects vSphere Data Protection (VDP).

VDP is vulnerable because it is based on Dell EMC Avamar Virtual Edition. Multiple vulnerabilities have been disclosed today in this solution:

  • A remote code execution vulnerability (CVE-2018-11066): A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary commands on the server.
  • An open redirection vulnerability (CVE-2018-11067): A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites.

Patches are available for both products.

This is a perfect example of how a product 'A' can affect a product 'B' when technologies are reused across multiple solutions.

[1] https://www.vmware.com/security/advisories/VMSA-2018-0029.html
[2] https://seclists.org/fulldisclosure/2018/Nov/49

Xavier Mertens (@xme)
Senior ISC Handler - Freelance Cyber Security Consultant
PGP Key

Keywords: Avamar Dell VMware Vulnerabiblity
0 comment(s)
My next class:
Reverse-Engineering Malware: Advanced Code AnalysisOnline | British Summer TimeJul 28th - Aug 1st 2025

Comments

Login here to join the discussion.


Top of page
Diary Archives