Security update: Dell Data Protection Advisor vulnerable through many security flaws
Attackers can exploit vulnerabilities in Dell's Data Protection Advisor backup solution. The computer manufacturer classifies the risk as critical.
Dell's backup solution Data Protection Advisor is vulnerable. In a current version, the developers have closed several security vulnerabilities. Strikingly, some of the vulnerabilities now closed were twelve years old. It is not yet clear why this is only happening now.
Security update available
Many of the vulnerabilities affect components of the backup solution such as Apache HttpClient, OpenSSL and SQLite. However, the application itself is also directly affected. In most cases, successful attacks result in denial of service (DoS), which leads to crashes (e.g. CVE-2016-0705 / EUVD-2016-0740, CVSS 9.8, risk "critical"; CVE-2021-46877 / EUVD-2023-0856, CVSS 7.5, risk "high").
The advisory on the vulnerabilities currently gives no information about how attacks could take place or whether attacks are already under way. The developers assure us that they have solved the security problems in version 19.12 Service Pack 1. Admins should ensure that their systems are up to date.
Last week, Dell had to deal with security vulnerabilities in Secure Connect Gateway. They jeopardized remote IT support.
(des)