Acronis Cyber Protect/Backup Remote Code Execution

Fortinet FortiManager Unauthenticated Remote Code Execution

Asterisk AMI Originate Authenticated Remote Code Execution

Debian Security Advisory 5823-1

Debian Security Advisory 5815-2

Riello UPS systems can have their restricted configuration shell bypassed to gain full underlying operating system access.

    I. VULNERABILITY-------------------------Riello UPS systems allow to easily escape the configuration shell and get access to the operating systemII. VENDOR-------------------------Riello (https://www.riello-ups.es/)III. DESCRIPTION-------------------------Riello UPS systems allow SSH access to configure the device, sometimes with the default credentials "admin:admin".Using the "-t bash" or "-t /bin/bash" paramters it is possible to escape the restricted shell and get access to the operating system:ssh admin@x.x.x.x -t bash

Headline

Riello UPS Restricted Shell Bypass

Packet Storm: Latest News