Nine NAS Bugs Open LenovoEMC, Iomega Devices to Attack

guest · Oct 1, 2018

Nine NAS Bugs Open LenovoEMC, Iomega Devices to Attack
Rated as high-risk vulnerabilities, these privilege-escalation flaws could allow an unauthenticated attacker to access protected content
October 1, 2018
https://threatpost.com/nine-nas-bugs-open-lenovoemc-iomega-devices-to-attack/137829/

Lenovo is warning of nine vulnerabilities rated “high” and impacting 20 separate network attached storage (NAS) devices sold by the company, including its LenovoEMC, Iomega and its Lenovo-branded NAS devices.

By exploiting one of several command-injection vulnerabilities in the devices’ operating system, an attacker could remotely take over the targeted system via root shell.

Ultimately, the attack could be used by an adversary to “steal and destroy personal or proprietary information stored on the targeted device, use it to pivot into an internal network, or add it to a botnet,” wrote Rick Ramgattie, security analyst and research team lead at ISE Labs, which found the vulnerabilities and posted a technical write-up of the bug on Monday.

“If it is not feasible to update the firmware immediately, partial protection can be achieved by removing any public shares, using the device only on trusted networks, and clicking on device URLs only from trustworthy sources,” Lenovo said.
Click to expand...

Log in or Sign up

Nine NAS Bugs Open LenovoEMC, Iomega Devices to Attack

guest Guest

Log in or Sign up

Nine NAS Bugs Open LenovoEMC, Iomega Devices to Attack

guest Guest

Useful Searches