IBM: Storage Vulnerability Alert

Monday, November 4, 2013 @ 01:11 PM gHale

A warning is going out to owners of IBM’s Storwize arrays, SAN Volume Controller and Flex System V7000, because they could have their contents disappear forever.

“Administrative access to the system via the IP interface may be obtained without authentication,” said the IBM advisory.

RELATED STORIES
Holes in Netgear Devices
Cisco Security Advisories
Hole Found in D-Link Routers
Asus Updates Router Firmware

“The vulnerabilities can be exploited by a user with access to the system’s management IP interface using vulnerabilities in the Apache Struts component,” the advisory said. “If successful, the user can gain access with superuser privilege which will allow any modification to the configuration, including complete deletion.”

The fix is to upgrade Storwize appliances to version 7.1.0.5 of their operating system.

IBM said the web interface does not face the Internet, so for someone to attack and wipe out data, it has to be an inside job.



Leave a Reply

You must be logged in to post a comment.