The following advisory describes two vulnerabilities found in ElastiCenter,
ElastiStor’s management console, File Injection that leads to unauthenticated remote code execution.
ElastiCenter is the centralized management tool that you use to configure, monitor, manage, and deploy the services provided by CloudByte ElastiStor.
ElastiCenter lets you:
- Use the Graphical User Interface to manage the storage environment
- Generate statistical and configuration reports to help troubleshoot
- Delegate administration tasks
- Track events
- Globally control various settings
An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.
Continue reading SSD Advisory – CloudByte ElastiStor OS Unauthenticated Remote Code Execution