CVE-2021-4406 - Authenticated Remote COmmand Execution as root in OSNEXUS QuantaStor version 6.0.0.355 and others

CVE	CVE-2021-4406
Credits	Wietse Boonstra
Affected products	Product Affected Unaffected Unknown OSNEXUS QuantaStor >= semver 0 to < 6.0.0.355 everything else
CVSS	Base score: 9.1 (CRITICAL)
References	https://www.divd.nl/DIVD-2021-00020 ( third-party-advisory ) https://www.osnexus.com/products/software-defined-storage ( product ) https://csirt.divd.nl/CVE-2021-4406 ( third-party-advisory )
Problem type(s)	CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
Solution(s)	Upgrade to the latest version of OSNEXUS QuantaStor and hope it is fixed
Last modified	06 Jul 2023 15:43

Description

JSON version