CVSS 10.0 · CRITICAL

CVE-2026-56413

Storage Concentrator (SC & SCVM) contains a command injection vulnerability in the ms_service.pl service, which listens on TCP port 9000 by default and accepts custom network packets to perform device actions. An unauthenticated remote attacker can send a specially crafted packet containing a malicious payload that is processed without adequate sanitization, resulting in arbitrary command execution with root-level privileges.

View on NVD

Analysis

Storage Concentrator (SC and SCVM) has a command injection vulnerability that allows an unauthenticated remote attacker to execute arbitrary commands with root privileges. By sending malicious packets to TCP port 9000, the device can be fully compromised without any credentials. With a CVSS score of 10.0, it represents a critical risk to storage and network infrastructure.

Relevant roles

Backend, CyberSecurity, Linux, Hardware, Cloud

Severity

Score: 10.0 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: CHANGED
C: HIGH
I: HIGH
A: HIGH
Weakness type (CWE): CWE-78

EPSS

No EPSS score yet (very recent CVE).

Published: 30/6/2026, 23:17:32
Last modified: 30/6/2026, 23:17:32
