The report details SQL injection, command injection, privilege escalation, local file inclusion, cross-site scripting, account hijacks and hard-coded credentials affecting two Riverbed virtual appliances: the SteelCentral NetProfiler, and NetExpress.

The bugs can be chained together to obtain unauthenticated remote code execution as the root user, the advisory states.

Riverbed pushed out a patch earlier this month, to version 10.9.0 for both NetProfiler and NetExpress, here.

Here's the TL;dr part

The SQL injection vulnerability allows an attacker to insert a user account without authentication, as a POST in the system's REST API, which is exposed from the main Web GUI login screen.

There are other post-authentication SQL injection vulnerabilities; and Security-Assessment's proof-of-concept shows how to exploit these to write malicious PHP and obtain remote code execution.


There are multiple cross-site scripting bugs in the systems' Web interfaces;

Accounts can be hijacked because system credentials are exposed in the password reset page source code; and

The system accounts mazu , dhcp and root all use bb!nmp4y as their default password.

The text above is a summary, you can read full article here.