SoftNAS Cloud 0day found: Upgrade ASAP

SoftNAS users should upgrade their virtual appliance immediately following the discovery of a security issue in the product’s session management. Texas pen-testing outfit Digital Defense discovered the vulnerability during an engagement and coordinated disclosure with SoftNAS. Version 4.2.2 contains the relevant security patch.

“SoftNAS Cloud Enterprise 4.2.0 is vulnerable to an authenticated bypass that could be leveraged to gain access to the webadmin interface without valid user credentials,” the Digital Defense advisory says. “The vulnerability potentially allows an attacker to create new users or execute arbitrary commands with administrative privileges, compromising both the platform and data.”

To read this article in full, please click here

Read more: SoftNAS Cloud 0day found: Upgrade ASAP

Story added 20. March 2019, content source with full text you can find at link above.