Issue Date: 06/27/2014
Updated Date: 06/27/2014
Title: PZOS Platform Information Disclosure
Classification: Important
Status: Closed
Affected Products: PZOS – All Supported Versions 5.4.3.3 or Below

Summary

The PZOS software contains a vulnerability that could lead to information disclosure.

Details

An information disclosure vulnerability exists in PZOS. An attacker with access to the Panzura Controller web UI has the ability to retrieve the contents of the platform by accessing the system shell.

This vulnerability will be addressed in the next patch release of PZOS. To reduce and eliminate the exposure in the meantime, customers should ensure that access to the Panzura Controller web UI through the LAN port is protected by their firewall rules and the admin password is controlled and managed by trusted administrators within the company.

Resolution

Upgrade the Panzura software to PZOS version 5.4.3.4 or higher; any future major or minor releases will also correct the issue. Release notes for this version will outline details as necessary for this correction.

Back to Advisories List