Full Disclosure mailing list archives
SSD Advisory – Endian Firewall Stored From XSS to Remote Command Execution
From: Maor Shwartz <maors () beyondsecurity com>
Date: Thu, 19 Oct 2017 11:15:38 +0300
SSD Advisory – Endian Firewall Stored From XSS to Remote Command Execution

Full report: https://blogs.securiteam.com/index.php/archives/3471
Twitter: @SecuriTeam_SSD
Weibo: SecuriTeam_SSD

Vulnerability Summary
The following advisory describes a stored cross site scripting that can be used to trigger remote code execution in Endian Firewall version 5.0.3.

Endian Firewall is a “turnkey Linux security distribution, which is an independent, unified security management operating system. The Endian Firewall is based on a hardened Linux operating system.”

Credit
An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
Endian has released patches to address this vulnerability.

For more information: https://help.endian.com/hc/en-us/articles/115012996087

--
Thanks
Maor Shwartz
Beyond Security
GPG Key ID: 93CC36E2DE7FF514
Attachment:
SSD Advisory – Endian Firewall Stored From XSS to Remote Command Execution – SecuriTeam Blogs.pdf
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/