Описание
StarWind SAN and NAS before 0.2 build 1685 allows remote code execution via a virtual disk management command.
StarWind SAN and NAS before 0.2 build 1685 allows remote code execution via a virtual disk management command.
Связанные уязвимости
CVSS3: 9.8
nvd
около 4 лет назад
A flaw was found in the REST API in StarWind Stack. REST command, which manipulates a virtual disk, doesn’t check input parameters. Some of them go directly to bash as part of a script. An attacker with non-root user access can inject arbitrary data into the command that will be executed with root privileges. This affects StarWind SAN and NAS v0.2 build 1633.