CISA alerts to critical StoneFly flaws enabling root access

A recent CISA advisory highlighted five critical vulnerabilities in StoneFly Storage Concentrator, two of which carry a CVSS score of 10.0 and allow an unauthenticated attacker to execute commands as root. The flaws include an unauthenticated command injection, a SQL injection that can expose session tokens and passwords, exposure of hardcoded credentials, and a reflected cross-site scripting (XSS) issue. Because these appliances hold stored data, successful exploitation can compromise data integrity in sectors such as energy, healthcare, and finance. All versions prior to 8.0.4.29 are affected. Users are urged to upgrade immediately and, until they do, to keep the management interface off the public internet and monitor its logs for suspicious activity.
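An inventory check for the fix threshold quoted above, added here as an example (this is not code from the CISA advisory, StoneFly, or CyberSIXT). It takes reported version strings and decides which hosts still need the upgrade. The one detail worth getting right is that the comparison must be numeric per dotted component: a plain string comparison ranks "8.0.4.3" above "8.0.4.29" and would wrongly mark it as fixed. The hostnames and versions in the sample inventory are constructed, and the assumption that StoneFly versions are plain dotted integers is mine.

```python
"""Added example: version triage against the StoneFly fix release 8.0.4.29.

Not from the advisory or the vendor. Assumes versions are dotted integers
(e.g. "8.0.4.29"); anything else is flagged for manual review.
"""

FIXED_VERSION = "8.0.4.29"  # first fixed release per the advisory summary


def parse_version(v: str) -> tuple[int, ...]:
    """Split a dotted version into integers so comparison is numeric.

    A text comparison gets this wrong: "8.0.4.3" > "8.0.4.29" as strings,
    because '3' sorts after '2', even though 3 < 29 as numbers.
    """
    parts = v.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {v!r}")
    return tuple(int(p) for p in parts)


def is_affected(version: str, fixed: str = FIXED_VERSION) -> bool:
    """True if `version` sorts before the fixed release, i.e. needs upgrading."""
    a, b = parse_version(version), parse_version(fixed)
    # Pad the shorter tuple with zeros so "8.0.5" compares as 8.0.5.0.
    n = max(len(a), len(b))
    a += (0,) * (n - len(a))
    b += (0,) * (n - len(b))
    return a < b


def triage(inventory: dict[str, str]) -> dict[str, list[str]]:
    """Bucket hosts into affected / fixed / unknown by reported version.

    Hosts whose version string cannot be parsed are not silently treated as
    fixed; they go to 'unknown' for a manual look.
    """
    result: dict[str, list[str]] = {"affected": [], "fixed": [], "unknown": []}
    for host, ver in inventory.items():
        try:
            bucket = "affected" if is_affected(ver) else "fixed"
        except ValueError:
            bucket = "unknown"
        result[bucket].append(host)
    return result


# Constructed sample inventory (hypothetical hostnames and versions).
SAMPLE_INVENTORY = {
    "sc-dc1": "8.0.4.3",    # below 8.0.4.29 numerically; above it as text
    "sc-dc2": "8.0.4.29",   # exactly the fixed release
    "sc-lab": "8.0.5",      # newer, shorter version string
    "sc-old": "7.9.9.99",   # clearly old
    "sc-bad": "unknown",    # unparseable, needs a manual check
}

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Feed it whatever your asset system exports for the Storage Concentrator version field; the "unknown" bucket is deliberately separate so that a blank or malformed field never reads as "patched".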
Primary source: cisa.gov
Article by CyberSIXT