| Issue Date: | 2014/06/27 |
| Updated Date: | 2014/06/27 |
| Title: | PZOS Platform Information Disclosure |
| Classification: | Important |
| Status: | Closed |
| Affected Products: | PZOS – All Supported Versions 5.4.3.3 or Below |
Summary
The PZOS software contains a vulnerability that could lead to information disclosure.
Details
An information disclosure vulnerability exists in PZOS. An attacker with access to the Panzura Controller web UI has the ability to retrieve the contents of the platform by accessing the system shell.
This vulnerability will be addressed in the next patch release of PZOS. To reduce and eliminate the exposure in the meantime, customers should ensure that access to the Panzura Controller web UI through the LAN port is protected by their firewall rules and the admin password is controlled and managed by trusted administrators within the company.
Resolution
Upgrade the Panzura software to PZOS version 5.4.3.4 or higher; any future major or minor releases will also correct the issue. Release notes for this version will outline details as necessary for this correction.