漏洞类别:General remote services
漏洞等级: 
漏洞信息
Western Digital Arkeia is a fast, easy-to-use, and affordable solution for network backup. WD Arkeia backup servers can be deployed as a software application, a physical appliance, or a virtual appliance.
Western Digital Arkeia Virtual Appliance is exposed to Remote Command Execution vulnerability as the arkeiad daemon in the Arkeia Backup Agent allows remote attackers to bypass authentication and execute arbitrary commands via a series of crafted requests involving the ARKFS_EXEC_CMD operation.
Affected Versions:
Western Digital Arkeia 11.0.12 and earlier
漏洞危害
Remote attackers could exploit this vulnerability to execute arbitrary commands on the system.
解决方案
The vendor has not released a patch to fix this vulnerability. Please contact Arkeia to fix this vulnerability. Workaround:
Restrict access to port 617 where possible.
0day
文章评论