CVE-2021-32524
QSAN Storage Manager - Command Injection-3
In short
A flaw in QSAN Storage Manager allows attackers with admin access to run any commands they want on the system. This is dangerous because attackers can take complete control of the storage device.
Technical detail
CWE-78 command injection vulnerability in QSAN Storage Manager allows authenticated privileged users to execute arbitrary system commands through unsanitized input in administrative functions. Exploitation requires valid administrative credentials; successful exploitation results in complete system compromise and arbitrary code execution.
Summary generated and translated by AI from the official description.
Command injection vulnerability in QSAN Storage Manager allows remote privileged users to execute arbitrary commands. Suggest contacting with QSAN and refer to recommendations in QSAN Document.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Affected products
QSAN · Storage ManagerWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →