CVE-2024-41925
2024-10-1 22:56:0 Author: claroty.com

Critical Threat

CWE-98: IMPROPER CONTROL OF FILENAME FOR INCLUDE/REQUIRE STATEMENT IN PHP PROGRAM ('PHP REMOTE FILE INCLUSION')

The web service for the ONS-S8 - Spectra Aggregation Switch includes functions that do not properly validate user input, allowing an attacker to traverse directories, bypass authentication, and execute remote code. ONS-S8 - Spectra Aggregation Switch: 1.3.7 and prior are affected.
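As an added illustration of the CWE-98 weakness class named above, the following PHP handler is a hypothetical example written for this page, not code from the ONS-S8 web service (whose source is not published here); the function names, the `page` parameter and the template names are assumptions. It places the unvalidated include pattern beside a hardened form that maps the request value through a fixed allowlist and confirms the resolved path stays inside the template directory.

```php
<?php
// Added example for CWE-98 (hypothetical handler, not ONS-S8 code).

// Vulnerable pattern: the include target is taken straight from the request.
// A traversal sequence, or a URL when allow_url_include is enabled, reaches
// include() unchanged, which is the weakness CWE-98 describes.
function render_page_vulnerable(array $query): void
{
    include $query['page'];
}

// Hardened pattern: the request value is only ever used as a key into a
// fixed allowlist, so the request string itself never reaches include().
const PAGE_TEMPLATES = [
    'status' => 'status.php',
    'ports'  => 'ports.php',
    'vlans'  => 'vlans.php',
];

function render_page_hardened(array $query, string $templateDir): bool
{
    $page = $query['page'] ?? 'status';
    if (!array_key_exists($page, PAGE_TEMPLATES)) {
        http_response_code(404);
        return false;
    }
    // Defence in depth: resolve both paths and require the template to sit
    // under the template directory, in case the allowlist is later edited
    // to contain a relative or absolute path.
    $base = realpath($templateDir);
    $path = realpath($templateDir . '/' . PAGE_TEMPLATES[$page]);
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        http_response_code(404);
        return false;
    }
    include $path;
    return true;
}
// Keep allow_url_include=Off in php.ini (the PHP default) so that even a
// regression to the vulnerable pattern cannot include remote files.
```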

Optigo Networks recommends users always use a unique management VLAN for the port on the ONS-S8 that is used to connect to OneView.

Optigo Networks also recommends users implement at least one of the following additional mitigations:

Use a dedicated NIC on the BMS computer, and use only this computer to connect to OneView to manage your OT network configuration.
Set up a router firewall with a whitelist of the devices permitted to access OneView.
Connect to OneView via secure VPN.


Source: https://claroty.com/team82/disclosure-dashboard/cve-2024-41925