首页 > 安全研究 > 安全通报 > 安全通告

LenovoEMC and Iomega NAS信息泄露漏洞安全通告

发布时间 2019-07-18

漏洞编号和级别


CVE编号:CVE-2019-6160,危险级别:高危,CVSS分值:官方未评定


影响版本


以下产品受影响:px12-350r and ix12-300r,HMNHD Cloud Editiond,StorCenter ix2-200,StorCenter ix4-200d,StorCenter ix4-200rl等。


漏洞概述


Lenovo Iomega StorCenter px12-350r等都是中国联想(Lenovo)公司的存储设备。 


CVE-2019-6160影响了许多Iomega和LenovoEMC NAS产品,这些产品已在四年前达到了服务终点。传统Iomega和LenovoEMC网络连接存储(NAS)设备中的漏洞导致任何人都可以通过Internet访问许多TB的潜在敏感数据。


该漏洞源于不受保护的API调用,允许未经身份验证的用户通过API访问NAS共享上的文件。


漏洞验证


暂无POC/EXP。


修复建议


目前厂商已发布升级补丁以修复漏洞,补丁获取链接:


px12-350r and ix12-300r, version 4.0.24.34808: 

http://download.lenovo.com/lenovoemc/eu/en/app/answers/detail/a_id/23142.html


HMNHD (Home Media Network Hard Drive) Cloud Editiond, version 3.2.16.30221: 

http://download.lenovo.com/lenovoemc/na/en/app/answers/detail/a_id/26791.html


StorCenter ix2-200, Cloud Edition, version 3.2.16.30221: 

http://download.lenovo.com/lenovoemc/na/en/app/answers/detail/a_id/26789.html


StorCenter ix4-200d, Cloud Edition, version 3.2.16.30221: 

http://download.lenovo.com/lenovoemc/na/en/app/answers/detail/a_id/26784.html


StorCenter ix2-200, version 2.1.50.30227: 

http://download.lenovo.com/lenovoemc/na/en/app/answers/detail/a_id/22318.html


StorCenter ix4-200d, version 2.1.50.30227: 

http://download.lenovo.com/lenovoemc/na/en/app/answers/detail/a_id/22315.html


StorCenter ix4-200rl, version 2.1.50.30227 :

http://download.lenovo.com/lenovoemc/na/en/app/answers/detail/a_id/29782.html。


参考链接


https://www.helpnetsecurity.com/2019/07/17/lenovoemc-nas-devices-flaw/ 


上一篇 下一篇