Published: 04/08/2018 Updated: 02/10/2018

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 1000

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

A command injection vulnerability was found in the web administration console in SoftNAS Cloud prior to 4.0.3. In particular, the snserv script did not sanitize the 'recentVersion' parameter from the snserv endpoint, allowing an unauthenticated malicious user to execute arbitrary commands with root permissions.

Vulnerable Product	Search on Vulmon	Subscribe to Product
softnas cloud

Check Point Reference: CPAI-2018-2628 Date Published: 26 Feb 2024 Severity: Critical ...

Core Security - Corelabs Advisory corelabscoresecuritycom/ SoftNAS Cloud OS Command Injection 1 *Advisory Information* Title: SoftNAS Cloud OS Command Injection Advisory ID: CORE-2018-0009 Advisory URL: wwwcoresecuritycom/advisories/softnas-cloud-OS-command-injection Date published: 2018-07-26 Date of last update: 2018-05-28 V ...

SoftNAS Cloud versions prior to 403 suffers from an OS command injection vulnerability ...

CWE-78 https://www.coresecurity.com/advisories/softnas-cloud-os-command-injection https://docs.softnas.com/display/SD/Release+Notes http://seclists.org/fulldisclosure/2018/Jul/85 https://www.exploit-db.com/exploits/45097/http://www.securityfocus.com/bid/104914 https://nvd.nist.gov https://www.exploit-db.com/exploits/45097/https://advisories.checkpoint.com/defense/advisories/public/2024/cpai-2018-2628.html

CVE-2018-14417

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect