Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Perle IOLAN STS/SCS Authenticated Command Injection via 'shell ps'
Vulnerability Description
Perle IOLAN STS/SCS terminal server models with firmware versions prior to 6.0 allow authenticated OS command injection via the restricted shell accessed over Telnet or SSH. The shell 'ps' command does not perform proper argument sanitization and passes user-supplied parameters into an 'sh -c' invocation running as root. An authenticated attacker who can log in to the device can inject shell metacharacters after the 'ps' subcommand to execute arbitrary OS commands with root privileges, leading to full compromise of the underlying operating system.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
Perle IOLAN STS/SCS 操作系统命令注入漏洞
Vulnerability Description
Perle IOLAN STS/SCS是美国Perle公司的一系列用于串口设备联网与远程管理的终端服务器。 Perle IOLAN STS/SCS 6.0之前版本存在操作系统命令注入漏洞,该漏洞源于受限shell中ps命令参数清理不当,可能导致经过身份验证的攻击者执行任意OS命令。
CVSS Information
N/A
Vulnerability Type
N/A