Multiple zero-day flaws found in EMC storage systems

Six vulnerabilities were found in the web-based tool that manages VMAX enterprise file storage systems.

Dell EMC has fixed six vulnerabilities that could allow an attacker to retrieve files stored by one of the company's top-end enterprise storage systems.

The flaws, found by Digital Defense (which has a commercial stake in the vulnerability-finding business), privately disclosed the vulnerabilities to Dell EMC, which on Monday released two security bulletins confirming the fixes.

According to Digital Defense, an attacker could exploit the flaws to gain unauthorized access to Unisphere, the web-based tool used to manage the storage systems.

An attacker could, among other things, arbitrarily retrieve files from the storage system and carry out denial-of-service attacks without authentication.

Two of the six flaws are rated "critical", the highest-rated severity.

VMAX systems are large storage arrays, typically used in the enterprise. Its upper range array can store up to four petabytes of data, using thousands of disk drives.

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All