CVE-2021-42081 - Authenticated Remote Command Execution vulnerability in OSNEXUS QuantaStor before 6.0.0.355

CVE	CVE-2021-42081
Credits	Wietse Boonstra
Affected products	Product Affected Unaffected Unknown OSNEXUS QuantaStor >= semver 0 to < 6.0.0.355 everything else
CVSS	Base score: 9.1 (CRITICAL)
References	https://www.wbsec.nl/osnexus ( third-party-advisory ) https://www.divd.nl/DIVD-2021-00020 ( third-party-advisory ) https://www.osnexus.com/products/software-defined-storage ( product ) https://csirt.divd.nl/CVE-2021-42081 ( third-party-advisory )
Problem type(s)	CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Solution(s)	Upgrade to the latest version of OSNEXUS QuantaStor.
Last modified	06 Jul 2023 15:46

Description

JSON version