A command injection vulnerability was found in the web administration console in SoftNAS Cloud before 4.0.3. In particular, the snserv script did not sanitize the 'recentVersion' parameter from the snserv endpoint, allowing an unauthenticated attacker to execute arbitrary commands with root permissions.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-08-03T16:00:00

Updated: 2024-08-05T09:29:50.966Z

Reserved: 2018-07-19T00:00:00

Link: CVE-2018-14417

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-08-04T01:29:03.810

Modified: 2024-11-21T03:49:00.520

Link: CVE-2018-14417

cve-icon Redhat

No data.