Digital Defense, Inc. Discovers Multiple Zero-Day Vulnerabilities Within EMC Unisphere for VMAX

  • Share:
October 03, 2016
Digital Defense, Inc. (DDI), a leading provider of Vulnerability Management as a Service, disclosed the discovery of six previously undiscovered security vulnerabilities in EMC Unisphere for VMAX, the web based management interface to provision, manage and monitor VMAX storage systems. The vulnerabilities discovered could allow unauthorized access to arbitrary file retrieval with root privileges and denial of service.
 
Dell EMC was swift in its collaboration with DDI and has released two security advisories [ESA-2016-121 and ESA-2016-122] to address these vulnerabilities. These security advisories are accessible to customers on the Dell EMC Online Support website. For more details on the Dell EMC Vulnerability Response policy, please visit: https://www.emc.com/products/security/product-security-response-center.htm.
 
About the Vulnerabilities
 
Details surrounding the vulnerabilities are available on the DDI website. Additionally, DDI’s patented scanning technology is capable of detecting all of these vulnerabilities with network and authentication-based scans. Free unauthenticated scans to determine if your external internet-facing systems are exposed to these vulnerabilities are available and easy to implement for rapid results.
 
Digital Defense Research Methodology and Practices
 
DDI’s Vulnerability Research Team (VRT) regularly works with organizations in the responsible disclosure of zero-day vulnerabilities. The expertise of DDI’s VRT, when coupled with the company’s next generation hybrid cloud platform, FrontlineVulnerability Manager, enables our early detection capabilities. When zero-days are discovered and internally validated, our VRT immediately contacts the IT platform supplier to notify the organization of the new finding(s) and then VRT assists, wherever possible, with the IT platform supplier’s remediation actions.
 
“Our team continues to uncover zero-day vulnerabilities, which demonstrates the power of our technology and excellent research capabilities,” states Larry Hurtado, DDI president and CEO. “Our commitment is to stay one step ahead of cybercriminals to ensure the utmost security of our clients and to make the general community aware of issues that could potentially threaten their security.”
 
 
About Digital Defense
Founded in 1999, Digital Defense, Inc. (DDI) is a trusted provider of managed security risk assessment solutions, protecting billions of dollars in assets for clients around the globe, including those in highly regulated industries such as healthcare, financial and retail; as well as those entrusted with sensitive data, such as legal and energy sector members. DDI’s unique Vulnerability Management as a Service (VMaaS™) model delivers consistently accurate vulnerability scanning and penetration testing, while its security awareness training promotes employees’ security-minded behavior. DDI security solutions are highly regarded by industry experts, as illustrated by the company’s  top 25 ranking (#21) in Cybersecurity Ventures’ list of the World’s 500 Hottest Cybersecurity Companies, as well as inclusion in CSO Outlook’s Top 10 Network Security Companies and CIO Review’s 20 Most Promising Cyber Security Solutions. Contact DDI at 888-273-1412 or digitaldefense.com; and connect with us on LinkedIn, Twitter and Blog.
 
Digital Defense and the Shield Logo are Registered Service Marks of Digital Defense, Inc. All other trademarks are the property of their respective owners.
Contact:
Jamie McInturff, Director of Brand Marketing
(210) 822-2645