Your IT Consultant
Information Technology Blog
by John W. Simek, Vice President of Sensei Enterprises, Inc.
High Severity Flaw in Lenovo NAS Devices
July 17, 2019
Dark Reading reported that over 5,100 devices suffer from a firmware vulnerability that allows unauthenticated users to view and access data on the units. "The flaw, which is present in certain models of the NAS products, allows unauthenticated users to view and access data stored on the devices, and is trivially easy to exploit via the Application Programming Interface, researchers from Vertical Structure and WhiteHat Security said this week." The impacted devices include several models of Iomega's StorCenter and LenovoEMC's series of NAS systems. Some models are at end-of-life and will not get any update.
Lenovo did issue an update for some models and pulled three versions of its NAS software out of retirement so users could continue to utilize their product while a fix was being readied. The firmware update changes the API and web interface in order to secure them. In situations where a user might not be immediately able to update the firmware for any reason, they should remove any public shares and use the device only on trusted networks, Lenovo said.
Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://www.linkedin.com/in/johnsimek
https://amazon.com/author/johnsimek
https://senseient.com