CVE-2026-40636

Dell · ECS / ObjectScale

Dell ECS and ObjectScale contain a hard-coded credentials vulnerability, enabling local attackers to gain unauthorized filesystem access.

Executive summary

A critical hard-coded credential vulnerability in Dell ECS and ObjectScale enables local, unauthenticated attackers to gain unauthorized access to the underlying filesystem.

Vulnerability

The product's configuration contains hard-coded credentials. An unauthenticated attacker with local access to the system can use those credentials to escalate privileges without authorization and interact directly with the filesystem.

Business impact

With a CVSS score of 9.8, this vulnerability poses a severe threat to the confidentiality and integrity of stored data. Local exploitation could allow an attacker to bypass security controls, leading to unauthorized access to sensitive information stored within the Dell ECS or ObjectScale platforms, potentially resulting in a total loss of data sovereignty.

Remediation

Immediate Action: Apply the latest security patches provided by Dell for ECS and ObjectScale to remove the hard-coded credentials.

Proactive Monitoring: Monitor local system access logs and audit trails for unauthorized login attempts or unexpected command execution on the storage appliance.

Compensating Controls: Ensure that physical and logical access to the hardware management interface is strictly restricted to authorized personnel only.

Exploitation status

Public Exploit Available: Unknown

Analyst recommendation

Security teams must prioritize the deployment of vendor-supplied patches for all affected Dell storage hardware. Because this vulnerability facilitates filesystem access, it represents a significant risk to data stored on these platforms and should be addressed as part of an emergency maintenance cycle.