Está usted visitando una publicación en la hemeroteca de CSIRT-CV.
Para acceder al portal y contenido actual, visite https://www.csirtcv.gva.es
26/06/2020
La vulnerabilitat detectada en Dell Power Protect Data Manager (PPDM) i Dell Power Protect X400 permetria a un atacant, autenticat remotament, la descàrrega de qualsevol arxiu de les màquines virtuals Power Protect afectades.
A més, diverses actualitzacions de seguretat corregeixen les vulnerabilitats oposades en diversos components dins de Dell EMC Avamar i NetWorker.
Sistemes Afectats:• Dell EMC Avamar Server, hardware appliance Gen4S, versions 7.4 i posteriors, en SUSE Linux Enterprise 11SP1;
• Dell EMC Avamar Server, hardware appliance Gen4T, versions 7.4 i posteriors, en SUSE Linux Enterprise 11SP3;
• Dell EMC Avamar Server, hardware appliance Gen4S/Gen4T, versions 7.4 i posteriors, en SUSE Linux Enterprise 11SP4;
• Dell EMC Avamar Server, hardware appliance Gen4S/Gen4T, versions 19.2, en SUSE Linux Enterprise 12SP4;
• Dell EMC Avamar Server, hardware applianceGen4S/Gen4T, versions 19.3, en SUSE Linux Enterprise 12SP5;
• Dell EMC Avamar Virtual Edition, versions 7.4 i posteriors, en SUSE Linux Enterprise 11SP3;
• Dell EMC Avamar Virtual Edition, versions 7.4 i posteriors, en SUSE Linux Enterprise 11SP4 (incloent Azure i AWS deployments des de la 7.5.1);
• Dell EMC Avamar Virtual Edition, versions 19.2, en SUSE Linux Enterprise 12SP4 (incloent Azure i AWS deployments);
• Dell EMC Avamar Virtual Edition, versions 19.3, en SUSE Linux Enterprise 12SP5 (incloent Azure i AWS deployments);
• Dell EMC Avamar NDMP Accelerator, versions 7.4 i posteriors, en SUSE Linux Enterprise 11SP1, SP3 i 12SP4;
• Dell EMC Avamar VMware Image Proxy, versions 7.4 i posteriors, en SUSE Linux Enterprise 11SP1 o SUSE Linux Enterprise 11SP3;
• Dell EMC Avamar VMware Image Proxy, versions 7.5.1 i posteriors, en SUSE Linux Enterprise 12SP1 o SUSE Linux Enterprise 12SP4;
• Dell EMC NetWoker Virtual Edition (NVE), versions 18.x i posteriors, en SUSE Linux Enterprise 11SP3 o SP4;
• Dell EMC vCloud Directe Data Protection Extension, versions 2.0.6 i posteriors, en SUSE Linux Enterprise 11SP3;
• Dell EMC Integrated Data Protection Appliance (IDPA) 2.0, 2.1, 2.2, 2.3, 2.4 i 2.5;
• Dell Power Protect DataManager (PPDM), versions anteriors a 19.4; • Dell Power Protect X400 versions anteriors a 3.2.
Referències:CVE-2020-5356
Solució:Aplicar les actualitzacions següents: