Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A flaw was found in the REST API in StarWind Stack. REST command, which manipulates a virtual disk, doesn’t check input parameters. Some of them go directly to bash as part of a script. An attacker with non-root user access can inject arbitrary data into the command that will be executed with root privileges. This affects StarWind SAN and NAS v0.2 build 1633.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
StarWind SAN & NAS 操作系统命令注入漏洞
Vulnerability Description
StarWind SAN & NAS是美国StarWind公司的独立管理程序服务器或服务器组。 StarWind SAN & NAS 存在操作系统命令注入漏洞,该漏洞源于StarWind SAN 和 NAS 在 0.2 build 1685 之前的版本中允许通过虚拟磁盘管理命令远程执行代码。
CVSS Information
N/A
Vulnerability Type
N/A