Researchers at vulnerability management services provider Digital Defense have identified a total of six flaws in the administration interface of EMC VMAX enterprise storage products.
EMC VMAX is an enterprise storage solution designed for storage area network (SAN) environments. The vulnerabilities found by Digital Defense affect versions 8.0.x through 8.2.x of the VMAX Unisphere web-based management console and the vApp Manager configuration and support tool for VMware deployments. EMC has released patches that address the security holes.
Of the six vulnerabilities, two have been rated critical, while the rest are high severity. The list includes arbitrary file retrieval, denial-of-service (DoS) and command execution issues.
One of the critical flaws is related to vApp Manager’s use of the Action Message Format (AMF) for server communications. While the RemoteServiceHandler class verifies certain types of AMF messages, some types are not validated properly, allowing an attacker to bypass authentication and gain root privileges on the system.
The attacker can exploit this vulnerability to add new admin users and completely compromise the virtual appliance.
The second critical security hole is related to vApp Manager’s use of GetSymmCmdRequest AMF messages. An unauthenticated attacker can execute arbitrary commands with root privileges and hijack the targeted appliance via specially crafted AMF messages.
A similar vulnerability, involving GeneralCmdRequest messages, requires an attacker to authenticate on the system before executing arbitrary commands with root privileges. However, researchers pointed out that an attacker can meet this requirement by leveraging the first flaw to create a new admin account.
Digital Defense warned that similar attacks can also be carried out via specially crafted GetCommandExecRequest and PersistantDataRequest AMF messages.
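The class of flaw described above, where some message types are verified and others are not, is shown below as an added illustration; it is not EMC's code and is not taken from Digital Defense's advisory. The message names GeneralCmdRequest, GetSymmCmdRequest and PersistantDataRequest come from the article, while the policy table, roles, session tokens and the LoginRequest and GetStatusRequest types are hypothetical.

```python
# Added illustration, not vendor code. Handlers are omitted on purpose:
# the point is the authorization decision made before any handler runs.
from dataclasses import dataclass

# Constructed sample sessions (token -> role); hypothetical values.
SESSIONS = {"tok-admin": "admin", "tok-viewer": "viewer"}
RANK = {"viewer": 1, "admin": 2}

@dataclass(frozen=True)
class Policy:
    public: bool = False   # True: reachable without a session
    role: str = "admin"    # role required when not public (strictest by default)

# Hardened design: every message type the server accepts must be listed here.
POLICY = {
    "LoginRequest": Policy(public=True),        # hypothetical type
    "GetStatusRequest": Policy(role="viewer"),  # hypothetical type
    "GeneralCmdRequest": Policy(),              # admin only
    "GetSymmCmdRequest": Policy(),              # admin only
}

def authorize_per_type(msg):
    """Flawed pattern: only the types someone remembered to list are checked."""
    checked = {"GeneralCmdRequest"}
    if msg.get("type") in checked:
        return SESSIONS.get(msg.get("token")) == "admin"
    return True  # every unlisted type falls through without authentication

def authorize_default_deny(msg):
    """Hardened pattern: unknown types and missing or weak sessions are rejected."""
    policy = POLICY.get(msg.get("type"))
    if policy is None:
        return False                 # type not in the table: fail closed
    if policy.public:
        return True
    role = SESSIONS.get(msg.get("token"))
    return role is not None and RANK[role] >= RANK[policy.role]

if __name__ == "__main__":
    probe = {"type": "GetSymmCmdRequest"}  # no session token at all
    print("per-type check allows:", authorize_per_type(probe))
    print("default-deny allows:  ", authorize_default_deny(probe))
```

With the per-type check, adding a new message type silently creates an unauthenticated entry point; with the policy table, a forgotten type is unreachable until someone assigns it a role.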
An XML External Entity (XXE) flaw found by experts in the Unisphere interface allows unauthenticated attackers to retrieve arbitrary text files from the virtual appliance. The same weakness (CVE-2016-2340) can also be leveraged to cause a DoS condition.

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
