LenovoEMC StorageCenter PX4-300R Unauthorized Remote File Retrieval

Posted on November 19, 2013

DDIVRT-2013-55 LenovoEMC StorageCenter PX4-300R Unauthorized Remote File Retrieval

Date Discovered: October 10, 2013

Discovery Credit: Evan Sylvester and r@b13$

Vulnerability Description: 
The web server for the LenovoEMC StorageCenter PX4-300R allows unauthenticated remote users to retrieve specific files that are located outside of the web root. Malicious users would need to have direct knowledge of the directory structure to exploit this vulnerability. 

Solution Description:
LenovoEMC has addressed this vulnerability and released an updated version of the firmware for this device. Please refer to the following page for specific instructions on how to obtain and apply the update:
http://download.lenovo.com/lenovoemc/na/en/

Tested Systems / Software (with versions): 
LenovoEMC StorageCenter PX4-300R v4.0.4.146
BIOS: px4 fsbfv102

Vendor Contact: 
LenovoEMC
https://support.lenovoemc.com

Save

Related Products
Fortra Vulnerability Management
Related Solutions
Vulnerability Management