SoftNAS Cloud® Zero-day Blog

By Fortra's Digital Defense

Digital Defense, Inc. is disclosing a vulnerability identified in the SoftNAS Cloud® data storage platform, discovered by our Vulnerability Research Team (VRT). The engineers at SoftNAS are to be commended for their prompt response to the identified flaw and for their team's work with VRT to provide prompt fixes for this cybersecurity issue.

SoftNAS has provided a patch for the vulnerability identified on the application. The patch is available for download via Software Update in the SoftNAS appliance web interface.

Clients who currently use the Fortra Vulnerability Management platform can sweep for the presence of this issue in Fortra VM by performing a full vulnerability assessment scan or by selecting CVC SoftNAS Cloud Authentication Bypass (128007).

Details of the vulnerability are as follows:

Summary:

DDI-VRT-2019-01 – SoftNAS Cloud Authentication Bypass

Details

Vulnerability:

SoftNAS Cloud Authentication Bypass

Impact:

The authentication bypass can be leveraged to access the Webadmin interface, from which users can be added and arbitrary commands executed as root.

Application/Version Affected:

SoftNAS Cloud 4.2.0 and 4.2.1

Details:

The NGINX default configuration file contains a check that verifies the status of a user cookie. If the cookie is not set, the user is redirected to the login page. Because only the presence of the cookie is checked, an arbitrary value can be supplied for it to access the web interface without valid user credentials. If customers have not followed SoftNAS deployment best practices and expose SoftNAS StorageCenter® ports directly to the internet, this vulnerability allows an attacker to gain access to the Webadmin interface to create new users or execute arbitrary commands with administrative privileges, compromising both the platform and the data.
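The configuration pattern described above, as an added illustration that is not SoftNAS's own configuration: a presence-only cookie check beside a form in which NGINX validates the session on every request. The cookie name, paths, upstream addresses and the validation endpoint are assumed placeholders.

```nginx
# Added example, not SoftNAS's actual configuration. Cookie name, paths,
# upstream addresses and the validation endpoint are assumed placeholders.
# The two /webadmin/ location blocks are alternatives; only one would
# appear in a real server block.

# WEAK: presence-only check. The gate compares the cookie against the
# empty string, so any non-empty value satisfies it and the request is
# proxied to the administrative interface without a credential check.
location /webadmin/ {
    if ($cookie_sessionid = "") {
        return 302 /login;
    }
    proxy_pass http://127.0.0.1:8080;
}

# CORRECTED: the cookie's value is validated server-side. NGINX issues a
# subrequest to an internal endpoint that looks the session id up in the
# application's session store; the admin interface is served only when
# that endpoint answers 2xx. 401/403 are turned into a login redirect.
location /webadmin/ {
    auth_request /_validate_session;
    error_page 401 403 = @to_login;
    proxy_pass http://127.0.0.1:8080;
}

location = /_validate_session {
    internal;                              # not reachable from clients
    proxy_pass http://127.0.0.1:8081/session/validate;
    proxy_pass_request_body off;           # only headers are needed
    proxy_set_header Content-Length "";
    proxy_set_header Cookie $http_cookie;  # forward the session cookie
}

location @to_login {
    return 302 /login;
}
```

The validation endpoint must decide by looking the cookie value up in a server-side session store, not by checking its format; otherwise the corrected form degrades into the same presence check.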
