CVE-2018-14417

Sažetak

A command injection vulnerability was found in the web administration console in SoftNAS Cloud before 4.0.3. In particular, the snserv script did not sanitize the 'recentVersion' parameter from the snserv endpoint, allowing an unauthenticated attacker to execute arbitrary commands with root permissions.

Reference

http://seclists.org/fulldisclosure/2018/Jul/85
http://www.securityfocus.com/bid/104914
https://docs.softnas.com/display/SD/Release+Notes
https://www.coresecurity.com/advisories/softnas-cloud-os-command-injection
https://www.exploit-db.com/exploits/45097/

CVSS

Base:	10.0
Impact:	10.0
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

02-10-2018 - 20:24

Objavljeno

04-08-2018 - 01:29