NETSHIELD Corporation Nano 25 Vulnerability

By Fortra's Digital Defense

Digital Defense, Inc. is disclosing a vulnerability identified in NETSHIELD Corporation Nano 25 discovered by our Vulnerability Research Team (VRT).  The engineers at NETSHIELD Corporation were prompt in their response when notified of the flaw and have provided a patch for the cyber security issue.

NETSHIELD Corporation has released a patch for the affected Nano 25 version 10.2.18.

Fortra VM will not include an explicit check for this vulnerability due to the requirement of valid credentials to trigger it.

Details of the vulnerability are as follows:

Summary:

DDI-VRT-2020-06 – NETSHIELD Corporation Nano 25 Authenticated Root Command Injection (CVE-2021-3149)

Details

Vulnerability:

Post Authentication Root Command Injection

Impact:

An authenticated attacker could leverage this vulnerability to execute arbitrary operating system commands with root privileges.

Application/Version Affected:

NETSHIELD Corporation Nano 25 version 10.2.18

Details:

The Perl script manual_ping.cgi hosted in /usr/local/webmin/System/ passes user input to system() that is not sufficiently filtered. This allows an attacker to inject shell commands.

Share This