SoftNAS Cloud 0day found: Upgrade ASAP
SoftNAS users should upgrade their virtual appliance immediately following the discovery of a security issue in the product’s session management. Texas pen-testing outfit Digital Defense discovered the vulnerability during an engagement and coordinated disclosure with SoftNAS. Version 4.2.2 contains the relevant security patch.
“SoftNAS Cloud Enterprise 4.2.0 is vulnerable to an authenticated bypass that could be leveraged to gain access to the webadmin interface without valid user credentials,” the Digital Defense advisory says. “The vulnerability potentially allows an attacker to create new users or execute arbitrary commands with administrative privileges, compromising both the platform and data.”