Multiple zero-day flaws found in EMC storage systems

Dell EMC has fixed six vulnerabilities that could allow an attacker to retrieve files stored by one of the company’s top-end enterprise storage systems.

The flaws, found by Digital Defense (which has a commercial stake in the vulnerability-finding business), privately disclosed the vulnerabilities to Dell EMC, which on Monday released two security bulletins confirming the fixes.

According to Digital Defense, an attacker could exploit the flaws to gain unauthorized access to Unisphere, the web-based tool used to manage the storage systems.

An attacker could, among other things, arbitrarily retrieve flies from the storage system and carry out denial-of-service attacks without authentication.

Two of the six flaws are rated “critical,” the highest rated severity.

VMAX systems are large storage arrays, typically used in the enterprise. Its upper range array can store up to four petabytes of data, using thousands of disk drives.

More security news