CNVD-2021-59061

Vulnerability from cnvd - Published: 2021-08-06
VLAI Severity ?
Title
QSAN SANOS和QSAN XEVO命令注入漏洞
Description
QSAN SANOS和QSAN XEVO都是中国QSAN公司的产品。QSAN SANOS是SAN存储管理操作系统。它配备了令人耳目一新的简单易用的Web GUI,并且可以轻松部署到任何基础架构中。QSAN XEVO是一款闪存数据管理系统。减少重复性任务并提供完整的数据分析。 QSAN SANOS和QSAN XEVO存在命令注入漏洞,攻击者可利用该漏洞执行任意命令。
Severity
Patch Name
QSAN SANOS和QSAN XEVO命令注入漏洞的补丁
Patch Description
QSAN SANOS和QSAN XEVO都是中国QSAN公司的产品。QSAN SANOS是SAN存储管理操作系统。它配备了令人耳目一新的简单易用的Web GUI,并且可以轻松部署到任何基础架构中。QSAN XEVO是一款闪存数据管理系统。减少重复性任务并提供完整的数据分析。 QSAN SANOS和QSAN XEVO存在命令注入漏洞,攻击者可利用该漏洞执行任意命令。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description

厂商已发布了漏洞修复程序,请及时关注更新: https://www.qsan.com/en

Reference
https://nvd.nist.gov/vuln/detail/CVE-2021-32529
Impacted products
Name
['QSAN XEVO <1.2.0 (build 202007081800)', 'QSAN SANOS <2.0.0 (build 202012222000)']
Show details on source website
To clipboard 

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-32529"
    }
  },
  "description": "QSAN SANOS\u548cQSAN XEVO\u90fd\u662f\u4e2d\u56fdQSAN\u516c\u53f8\u7684\u4ea7\u54c1\u3002QSAN SANOS\u662fSAN\u5b58\u50a8\u7ba1\u7406\u64cd\u4f5c\u7cfb\u7edf\u3002\u5b83\u914d\u5907\u4e86\u4ee4\u4eba\u8033\u76ee\u4e00\u65b0\u7684\u7b80\u5355\u6613\u7528\u7684Web GUI\uff0c\u5e76\u4e14\u53ef\u4ee5\u8f7b\u677e\u90e8\u7f72\u5230\u4efb\u4f55\u57fa\u7840\u67b6\u6784\u4e2d\u3002QSAN XEVO\u662f\u4e00\u6b3e\u95ea\u5b58\u6570\u636e\u7ba1\u7406\u7cfb\u7edf\u3002\u51cf\u5c11\u91cd\u590d\u6027\u4efb\u52a1\u5e76\u63d0\u4f9b\u5b8c\u6574\u7684\u6570\u636e\u5206\u6790\u3002\n\nQSAN SANOS\u548cQSAN XEVO\u5b58\u5728\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u547d\u4ee4\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.qsan.com/en",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-59061",
  "openTime": "2021-08-06",
  "patchDescription": "QSAN SANOS\u548cQSAN XEVO\u90fd\u662f\u4e2d\u56fdQSAN\u516c\u53f8\u7684\u4ea7\u54c1\u3002QSAN SANOS\u662fSAN\u5b58\u50a8\u7ba1\u7406\u64cd\u4f5c\u7cfb\u7edf\u3002\u5b83\u914d\u5907\u4e86\u4ee4\u4eba\u8033\u76ee\u4e00\u65b0\u7684\u7b80\u5355\u6613\u7528\u7684Web GUI\uff0c\u5e76\u4e14\u53ef\u4ee5\u8f7b\u677e\u90e8\u7f72\u5230\u4efb\u4f55\u57fa\u7840\u67b6\u6784\u4e2d\u3002QSAN XEVO\u662f\u4e00\u6b3e\u95ea\u5b58\u6570\u636e\u7ba1\u7406\u7cfb\u7edf\u3002\u51cf\u5c11\u91cd\u590d\u6027\u4efb\u52a1\u5e76\u63d0\u4f9b\u5b8c\u6574\u7684\u6570\u636e\u5206\u6790\u3002\r\n\r\nQSAN SANOS\u548cQSAN XEVO\u5b58\u5728\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u547d\u4ee4\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "QSAN SANOS\u548cQSAN XEVO\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "QSAN XEVO \u003c1.2.0 (build 202007081800)",
      "QSAN SANOS \u003c2.0.0 (build 202012222000)"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-32529",
  "serverity": "\u9ad8",
  "submitTime": "2021-07-09",
  "title": "QSAN SANOS\u548cQSAN XEVO\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.