HP Enterprise VAN SDN Controller version 2.7.18.0503 suffers from an unauthenticated remote root vulnerability. A hard-coded service token can be used to bypass authentication. Built-in functionality can be exploited to deploy and execute a malicious deb file containing a backdoor. A weak sudoers configuration can then be abused to escalate privileges to root. A second issue can be used to deny use of the appliance by continually rebooting it. Continue reading...
