CasaOS Open Source cloud software critical vulnerabilities
Take action: If you are using CasaOS in your home cloud environment, the patch is very much worth the effort, because otherwise the neighbours (or remote criminals) may end up owning your home cloud platform.
Researchers have reported two significant security weaknesses in the open source CasaOS personal cloud software.
The flaws are tracked as CVE-2023-37265 and CVE-2023-37266 (CVSS score 9.8).
When exploited successfully, these vulnerabilities can enable attackers to override security measures and obtain admin rights on the CasaOS software.
The weaknesses can let attackers bypass security authentication, thereby gaining unrestricted access to the CasaOS user interface. Furthermore, the software's ability to integrate third-party applications can be exploited by attackers. By running specific commands, they can not only achieve prolonged access to the targeted device but also potentially infiltrate associated internal systems.
The software's development team, IceWhale, promptly released a corrective version 0.4.4 on July 14, 2023.