Security Advisory

CVE-2018-14417

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2018-08-03 16:00:00

Last updated 2024-08-05 09:29:50

Assigner mitre

State PUBLISHED

Description

A command injection vulnerability was found in the web administration console in SoftNAS Cloud before 4.0.3. In particular, the snserv script did not sanitize the recentVersion parameter from the snserv endpoint, allowing an unauthenticated attacker to execute arbitrary commands with root permissions.

← Browse all CVEs View on cve.org ↗