Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
iXsystems TrueNAS CORE fetch_plugin_packagesites tar Cleartext Transmission of Sensitive Information Vulnerability
Vulnerability Description
iXsystems TrueNAS CORE fetch_plugin_packagesites tar Cleartext Transmission of Sensitive Information Vulnerability. This vulnerability allows network-adjacent attackers to tamper with firmware update files on affected installations of iXsystems TrueNAS devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of firmware updates. The issue results from the use of an insecure protocol to deliver updates. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-25668.
CVSS Information
N/A
Vulnerability Type
敏感数据的明文传输
Vulnerability Title
iXsystems TrueNAS CORE 安全漏洞
Vulnerability Description
iXsystems TrueNAS CORE是iXsystems的一个开源存储软件。 iXsystems TrueNAS CORE 13.3-RELEASE版本存在安全漏洞,该漏洞源于处理固件更新时使用了不安全的协议传输更新文件,可能导致敏感信息的明文传输和篡改。
CVSS Information
N/A
Vulnerability Type
N/A