Digital Defense Discovers Zero-Day Vulnerability in Lenovo Network Storage Devices

By Fortra's Digital Defense

San Antonio, TX – November 18, 2013 – Digital Defense, Inc. (DDI), a leading provider of managed cloud-based security risk assessments, announced a zero-day finding, discovered by the company’s Vulnerability Research Team (VRT). This vulnerability, which resides in Lenovo® network storage devices, can potentially be exploited by an attacker to gain unauthorized remote read-only access to network-attached storage (NAS) shares. The security issue was discovered using DDI’s patent-pending vulnerability scanning technology.

The vulnerability is specific to LenovoEMC, Lenovo, and Iomega NAS devices with LenovoEMC LifeLine firmware version 4.0.2.9960 or 4.0.4.14600. Upon discovery, DDI and Lenovo began collaborating to examine and address the flaw, with Lenovo releasing a remedy for the issue today. Firmware updates are available for download from https://support.lenovoemc.com

DDI’s ability to identify and quickly disclose zero-day threats is attributable to the company’s cutting-edge technology, as well as the research expertise within the organization, which has resulted in multiple zero-day discoveries, including those within widely deployed platforms such as Dell EqualLogic, VMware®, Novell®, Epicor® and IBM® WebSphere®. This Decisive Security Intelligence is improving the security posture of organizations across the globe.

Larry Hurtado, DDI President & CEO, states, “Our powerful scanning technology, coupled with the delivery of our solutions through a cloud-based platform, provides us with a unique capability to proactively expose these previously unknown flaws. Our goal is to work hand in hand with hardware and software manufacturers to help them understand our security vulnerability discoveries and to ensure this intelligence is rapidly communicated to our clients and other end users, with the appropriate remediation solution, to ensure any potential risk is mitigated. This responsible disclosure process has been effective in resolving security issues before they potentially open the door to malicious attacks”.
