Softnas Cloud vulnerabilities
2 known vulnerabilities affecting softnas/cloud.
Total CVEs
2
CISA KEV
0
Public exploits
1
Exploited in wild
1
Severity breakdown
CRITICAL2
Vulnerabilities
Page 1 of 1
CVE-2018-14417P1CRITICALCVSS 9.8ExploitedPoCfixed in 4.0.32018-08-04
CVE-2018-14417 [CRITICAL] CWE-78 CVE-2018-14417: A command injection vulnerability was found in the web administration console in SoftNAS Cloud befor
A command injection vulnerability was found in the web administration console in SoftNAS Cloud before 4.0.3. In particular, the snserv script did not sanitize the 'recentVersion' parameter from the snserv endpoint, allowing an unauthenticated attacker to execute arbitrary commands with root permissions.
nvd
CVE-2019-9945P2CRITICALCVSS 9.8v4.2.0v4.2.12019-03-23
CVE-2019-9945 [CRITICAL] CVE-2019-9945: SoftNAS Cloud 4.2.0 and 4.2.1 allows remote command execution. The NGINX default configuration file
SoftNAS Cloud 4.2.0 and 4.2.1 allows remote command execution. The NGINX default configuration file has a check to verify the status of a user cookie. If not set, a user is redirected to the login page. An arbitrary value can be provided for this cookie to access the web interface without valid user credentials. If customers have not followed SoftNAS deploym
nvd