Dell Data Protection Advisor vulnerable due to countless security flaws
Dell is closing vulnerabilities in Data Protection Advisor that attackers can use to compromise systems. Some of them are sixteen years old.
Dell's IT security solution Data Protection Advisor is supposed to protect computers, but in certain versions the exact opposite is the case: attackers can exploit numerous security vulnerabilities.
Many Dangers
According to a security advisory, the computer manufacturer classifies the impact of successful attacks as “critical” overall. All vulnerabilities affect third-party components such as Apache Ant, libcurl, and SQLite. Some vulnerabilities are sixteen years old. It is currently unclear why the developers are only now closing the vulnerabilities. The advisory lists 378 CVE entries.
These include, among others, malicious code vulnerabilities in libcurl (CVE-2016-7167, “critical”) and XStream (CVE-2021-39145, “high”). Given the age of some vulnerabilities, it is plausible that some of those now closed in Data Protection Advisor are being exploited. However, there is no indication of this in Dell's advisory.
The developers state that only Data Protection Advisor versions 19.10 up to and including 19.12 SP1 are affected. Version 19.12 SP2 contains the security updates.
Recently, Dell closed security vulnerabilities in its cloud storage solutions, ECS and ObjectScale.
(des)