HP Enterprise VAN SDN Controller 2.7.18.0503 Remote Root
Posted by deepcore on June 27, 2018 – 8:09 pm
HP Enterprise VAN SDN Controller version 2.7.18.0503 suffers from an unauthenticated remote root vulnerability. A hard-coded service token can be used to bypass authentication. Built-in functionality can be exploited to deploy and execute a malicious deb file containing a backdoor. A weak sudoers configuration can then be abused to escalate privileges to root. A second issue can be used to deny use of the appliance by continually rebooting it.
Post a reply
You must be logged in to post a comment.