Security updates: Attackers can access Dell ECS and ObjectScale
Dell's cloud solutions Elastic Cloud Storage and ObjectScale are vulnerable. The developers have now closed a vulnerability.
(Image: Artur Szczybylo/Shutterstock.com)
Attackers can access Dell Elastic Cloud Storage (ECS) and ObjectScale with comparatively little effort. Companies use these to set up cloud storage, among other things. If important data is stored there, unauthorized access can have far-reaching consequences. Security updates close the vulnerability.
Secure cloud instances
In a warning message, the developers state that local attackers can access instances without authentication based on a hardcoded SSH key (CVE-2025-26476"high"). It is currently not clear from the report whether there are already attacks. Admins should check the log files for unknown accesses.
In order to protect systems from the described attack, admins must install the ECS 3.8.1.5 or ObjectScale 4.0.0.0 versions with a security patch. According to the developers, all previous versions are susceptible to attacks.
Videos by heise
After a "fresh" reinstallation, instances are directly protected according to the warning message. Anyone updating an older version must still renew the SSH keys using the "Rotate SSH Keys" function for effective protection.
Dell last protected its Data Protection Advisor backup solution against possible attacksat the beginning of July.
(des)
