Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Lenovo Network Storage Device Vulnerability Patched

Researchers discovered a vulnerability in Lenovo network storage devices that allows attackers to gain unauthorized remote read-only access to network-attached storage (NAS) shares.

Researchers discovered a vulnerability in Lenovo network storage devices that allows attackers to gain unauthorized remote read-only access to network-attached storage (NAS) shares.

The vulnerability was discovered by researchers at Digital Defense Inc. Lenovo has issued a firmware update to address the problem, which affected LenovoEMC, Lenovo and Iomega NAS devices with LenovoEMC LifeLine firmware version 4.0.2.9960 or 4.0.4.14600.

According to Digital Defense, the web server for the LenovoEMC StorageCenter PX4-300R allows unauthenticated remote users to retrieve specific files located outside of the web root. For an attacker to exploit this vulnerability, they would have to hve direct knowledge of the directory structure.

Once the flaw was discovered, Digital Defense began working with Lenovo to address the issue.

Advertisement. Scroll to continue reading.

“Our goal is to work hand in hand with hardware and software manufacturers to help them understand our security vulnerability discoveries and to ensure this intelligence is rapidly communicated to our clients and other end users, with the appropriate remediation solution, to ensure any potential risk is mitigated,” said Larry Hurtado, DDI president and CEO, in a statement. “This responsible disclosure process has been effective in resolving security issues before they potentially open the door to malicious attacks.”

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.

Register

Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Vulnerabilities

The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.

Vulnerabilities

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.

Vulnerabilities

Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.