What are you looking for ?
Advertise with us
RAIDON

Security: Iomega and LenovoEMC NAS Vulnerability

Products could allow unauthenticated user to access files on NAS shares via API.

From Lenovo

Lenovo Enterprise Solutions, Pte Ltd. has published a security alert concerning Iomega and LenovoEMC NAS vulnerability.

Lenovo Security Advisory: LEN-25557

  • Potential Impact: Information disclosure

  • Severity: High

  • Scope of Impact: Lenovo-specific

  • CVE Identifier: CVE-2019-6160

Summary description:
A vulnerability in Iomega and LenovoEMC NAS products could allow an unauthenticated user to access files on NAS shares via the API.

Mitigation strategy for customers (what you should do to protect yourself):

  • Update to the firmware level (or later) described for your system in the Product Impact section.

  • If it is not feasible to update the firmware immediately, partial protection can be achieved by removing any public shares and using the device only on trusted networks.

Acknowledgement:

Lenovo would like to thank WhiteHat Security and Vertical Structure for reporting this issue.

Product impact:

Revision history:

Revision

Date

Description

1

2019-07-16

Initial release

For a complete list of all ‘Lenovo Product Security Advisories’, click here.

For the most up to date information, please remain current with updates and advisories from Lenovo regarding your equipment and software. The information provided in this advisory is provided on an ‘as is’ basis without any warranty or guarantee of any kind. Lenovo reserves the right to change or update this advisory at any time.

Articles_bottom
ExaGrid
AIC
ATTOtarget="_blank"
OPEN-E