CVE-2021-4406
Authenticated Remote COmmand Execution as root in OSNEXUS QuantaStor version 6.0.0.355 and others
| CVE | CVE-2021-4406 | |||||||||||
| Title | Authenticated Remote COmmand Execution as root in OSNEXUS QuantaStor version 6.0.0.355 and others | |||||||||||
| Credits |
|
|||||||||||
| Affected products |
|
|||||||||||
| CVSS |
Base score:
9.1
(CRITICAL) |
|||||||||||
| References |
|
|||||||||||
| Problem type(s) | CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection') | |||||||||||
| Date published | ||||||||||||
| Last modified | 10 Jul 2023 06:29 UTC |
Description
An administrator is able to execute commands as root via the alerts management dialog
Solution(s)
Upgrade to the latest version of OSNEXUS QuantaStor and hope it is fixed
JSON version.