CVE-2026-56413
Storage Concentrator (SC & SCVM) contains a command injection vulnerability in the ms_service.pl service, which listens on TCP port 9000 by default and accepts custom network packets to perform device actions. An unauthenticated remote attacker can send a specially crafted packet containing a malicious payload that is processed without adequate sanitization, resulting in arbitrary command execution with root-level privileges.
Analysis
Storage Concentrator (SC and SCVM) has a command injection vulnerability that allows an unauthenticated remote attacker to execute arbitrary commands with root privileges. By sending malicious packets to TCP port 9000, an attacker can fully compromise the device without needing credentials. With a CVSS score of 10.0, it represents a critical risk to storage and network infrastructure.
Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CWE-78
EPSS
No EPSS score yet (very recent CVE).