PT-2026-54437 · Stonefly · Storage Concentrator+1
David Yesland
·
Published
2026-06-30
·
Updated
2026-06-30
·
CVE-2026-56413
CVSS v3.1
10
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
Storage Concentrator (SC & SCVM) contains a command injection vulnerability in the ms service.pl service, which listens on TCP port 9000 by default and accepts custom network packets to perform device actions. An unauthenticated remote attacker can send a specially crafted packet containing a malicious payload that is processed without adequate sanitization, resulting in arbitrary command execution with root-level privileges.
Fix
OS Command Injection
Weakness Enumeration
Related identifiers
Affected products
Storage Concentrator
Storage Concentrator Virtual Machine