1. Knowledge Base
  2. Security Advisories

PZOS-2014-003: PZOS Platform Information Disclosure

Issue Date: 2014/06/27
Updated Date: 2014/06/27
Title: PZOS Platform Information Disclosure
Classification: Important
Status: Closed
Affected Products: PZOS – All Supported Versions or Below


The PZOS software contains a vulnerability that could lead to information disclosure.


An information disclosure vulnerability exists in PZOS. An attacker with access to the Panzura Controller web UI has the ability to retrieve the contents of the platform by accessing the system shell.

This vulnerability will be addressed in the next patch release of PZOS. To reduce and eliminate the exposure in the meantime, customers should ensure that access to the Panzura Controller web UI through the LAN port is protected by their firewall rules and the admin password is controlled and managed by trusted administrators within the company.


Upgrade the Panzura software to PZOS version or higher; any future major or minor releases will also correct the issue. Release notes for this version will outline details as necessary for this correction.