← back
CVE-2018-14417

CVE-2018-14417

EPSS 89.6%
A command injection vulnerability was found in the web administration console in SoftNAS Cloud before 4.0.3. In particular, the snserv script did not sanitize the 'recentVersion' parameter from the snserv endpoint, allowing an unauthenticated attacker to execute arbitrary commands with root permissions.
Affected products
n/a · n/a
public PoCs found2
cve_referencewww.exploit-db.com/exploits/45097/unverifiedexploitdbwww.exploit-db.com/exploits/45097unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://docs.softnas.com/display/SD/Release+Noteshttp://seclists.org/fulldisclosure/2018/Jul/85https://www.coresecurity.com/advisories/softnas-cloud-os-command-injectionhttps://www.exploit-db.com/exploits/45097/http://www.securityfocus.com/bid/104914