LenovoEMC and Iomega NAS信息泄露漏洞安全通告
發布時間 2019-07-18漏洞編號和級別
影響版本
以下產品受影響:px12-350r and ix12-300r,HMNHD Cloud Editiond,StorCenter ix2-200,StorCenter ix4-200d,StorCenter ix4-200rl等。
漏洞概述
Lenovo Iomega StorCenter px12-350r等都是中國聯想(Lenovo)公司的存儲設備。
CVE-2019-6160影響了許多Iomega和LenovoEMC NAS產品,這些產品已在四年前達到了服務終點。傳統Iomega和LenovoEMC網絡連接存儲(NAS)設備中的漏洞導致任何人都可以通過Internet訪問許多TB的潛在敏感數據。
漏洞驗證
暫無POC/EXP。
修復建議
px12-350r and ix12-300r, version 4.0.24.34808:
http://download.lenovo.com/lenovoemc/eu/en/app/answers/detail/a_id/23142.html
HMNHD (Home Media Network Hard Drive) Cloud Editiond, version 3.2.16.30221:
http://download.lenovo.com/lenovoemc/na/en/app/answers/detail/a_id/26791.html
StorCenter ix2-200, Cloud Edition, version 3.2.16.30221:
http://download.lenovo.com/lenovoemc/na/en/app/answers/detail/a_id/26789.html
StorCenter ix4-200d, Cloud Edition, version 3.2.16.30221:
http://download.lenovo.com/lenovoemc/na/en/app/answers/detail/a_id/26784.html
StorCenter ix2-200, version 2.1.50.30227:
http://download.lenovo.com/lenovoemc/na/en/app/answers/detail/a_id/22318.html
StorCenter ix4-200d, version 2.1.50.30227:
http://download.lenovo.com/lenovoemc/na/en/app/answers/detail/a_id/22315.html
StorCenter ix4-200rl, version 2.1.50.30227 :
http://download.lenovo.com/lenovoemc/na/en/app/answers/detail/a_id/29782.html。
參考鏈接
https://www.helpnetsecurity.com/2019/07/17/lenovoemc-nas-devices-flaw/