What is CVE-2018-14417?

CVE-2018-14417 is a vulnerability in N/a. Published 2018-08-03.

Is CVE-2018-14417 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2018-14417

A command injection vulnerability was found in the web administration console in SoftNAS Cloud before 4.0.3. In particular, the snserv script did not sanitize the 'recentVersion' parameter from the snserv endpoint, allowing an unauthentica…

EPSS: 0.711 (98.7th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

ARPSyndicate/cve-scores

References

104914 (vdb-entry, x_refsource_BID)
45097 (exploit, x_refsource_EXPLOIT-DB)
www.coresecurity.com/advisories/softnas-cloud-os-command-injection (x_refsource_MISC)
docs.softnas.com/display/SD/Release+Notes (x_refsource_CONFIRM)
20180726 [CORE-2018-0009] - SoftNAS Cloud OS Command Injection (mailing-list, x_refsource_FULLDISC)

Frequently asked questions

What is CVE-2018-14417?: CVE-2018-14417 is a vulnerability in N/a. Published 2018-08-03.
Is CVE-2018-14417 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.