Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains a use of hard-coded credentials vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to filesystem access for attacker.
The vendor hard-coded authentication credentials (e.g., password or key) directly into the software without the ability for administrators to change them. An attacker with local access to the system can use these known credentials to authenticate to the component without possessing legitimate permissions. As a result, they gain access to the device's file system, bypassing standard access control mechanisms.
An attacker can gain unauthorized access to the file system, which may lead to reading sensitive data, modifying configuration files, or compromising the integrity and confidentiality of stored data.
Dell ECS must be updated to a version higher than 3.8.1.7 and Dell ObjectScale to version 4.3.0.0 or newer in accordance with vendor recommendations described in bulletin DSA-2026-047 available at: https://www.dell.com/support/kbdoc/en-us/000462117/
Dell ECS in versions 3.8.1.0 through 3.8.1.7 inclusive and Dell ObjectScale in versions prior to 4.3.0.0.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HDell Elastic Cloud Storage
APPDell3.8.1.0 – 4.3.0.0 (bez)Dell Objectscale
APPDell< 4.3.0.0
Related vulnerabilities
EMC Elastic Cloud Storage (ECS) before 3.1 is affected by an undocumented account vulnerability that could pot...
Dell Elastic Cloud Storage, version 3.8.1.7 and prior, and Dell ObjectScale, versions prior to 4.1.0.3 and ver...
Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains an Use of...
Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains a Clearte...
Dell ECS versions prior to 3.8.1.5/ ObjectScale version 4.0.0.0, contain a Use of Hard-coded Cryptographic Key...