1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Web Attack: SoftNAS Cloud Command Injection CVE-2018-14417

Web Attack: SoftNAS Cloud Command Injection CVE-2018-14417

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a command injection vulnerability in SoftNAS Cloud.

Additional Information

SoftNAS Cloud is prone to an OS command-injection vulnerability because it fails to properly sanitize user-supplied input submitted to the 'recentVersion' parameter. Specifically, this issue affects the web administration console. An attacker can exploit this issue to execute malicious code in the target server with root privileges.

An attacker may exploit this issue to inject and execute arbitrary commands within the context of the affected application; this may aid in further attacks.

Affected

  • Versions prior to SoftNAS Cloud 4.0.3 are vulnerable.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube