Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

EMC Patches Critical Flaws in VMAX Storage Products

Researchers at vulnerability management services provider Digital Defense have identified a total of six flaws in the administration interface of EMC VMAX enterprise storage products.

Researchers at vulnerability management services provider Digital Defense have identified a total of six flaws in the administration interface of EMC VMAX enterprise storage products.

EMC VMAX is an enterprise storage solution designed for storage area network (SAN) environments. The vulnerabilities found by Digital Defense affect versions 8.0.x through 8.2.x of the VMAX Unisphere web-based management console and the vApp Manager configuration and support tool for VMware deployments. EMC has released patches that address the security holes.

Of the six vulnerabilities, two have been rated critical, while the rest are high severity. The list includes arbitrary file retrieval, denial-of-service (DoS) and command execution issues.

One of the critical flaws is related to vApp Manager’s use of the Action Message Format (AMF) for server communications. While the RemoteServiceHandler class verifies certain types of AMF messages, some types are not validated properly, allowing an attacker to bypass authentication and gain root privileges on the system.

The attacker can exploit this vulnerability to add new admin users and completely compromise the virtual appliance.

The second critical security hole is related to vApp Manager’s use of GetSymmCmdRequest AMF messages. An unauthenticated attacker can execute arbitrary commands with root privileges and hijack the targeted appliance via specially crafted AMF messages.

A similar vulnerability, involving GeneralCmdRequest messages, requires an attacker to authenticate on the system before executing arbitrary commands with root privileges. However, researchers pointed out that they can achieve this by leveraging the first flaw to create a new admin account.

Digital Defense warned that similar attacks can also be carried out via specially crafted GetCommandExecRequest and PersistantDataRequest AMF messages.

An XML External Entity (XXE) flaw found by experts in the Unisphere interface allows unauthenticated attackers to retrieve arbitrary text files from the virtual appliance. The same weakness (CVE-2016-2340) can also be leveraged to cause a DoS condition.

Related: Dell Finalizes Huge EMC Deal to Become Tech Titan

Related: LG NAS Devices Exposed to Remote Attacks

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Application Security

Google’s Threat Analysis Group (TAG) has shared technical details on an Internet Explorer zero-day vulnerability exploited in attacks by North Korean hacking group APT37.

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that...

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...