Skip to main content

Perle IOLAN STS/SCS CVE-2026-23759

| EUVDEUVD-2026-12580 HIGH
OS Command Injection (CWE-78)
2026-03-17 VulnCheck
8.6
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
8.6 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
X

Lifecycle Timeline

9
Analysis Updated
May 01, 2026 - 15:42 vuln.today
v2 (cvss_changed)
Re-analysis Queued
May 01, 2026 - 15:37 vuln.today
cvss_changed
CVSS changed
May 01, 2026 - 15:37 NVD
7.2 (HIGH) 8.6 (HIGH)
Analysis Updated
Apr 16, 2026 - 06:21 EUVD-patch-fix
executive_summary
Re-analysis Queued
Apr 16, 2026 - 05:29 backfill_euvd_patch
patch_released
Patch available
Apr 16, 2026 - 05:29 EUVD
6.0
EUVD ID Assigned
Mar 17, 2026 - 20:30 euvd
EUVD-2026-12580
Analysis Generated
Mar 17, 2026 - 20:30 vuln.today
CVE Published
Mar 17, 2026 - 15:20 nvd
HIGH 7.2

DescriptionCVE.org

Perle IOLAN STS/SCS terminal server models with firmware versions prior to 6.0 allow authenticated OS command injection via the restricted shell accessed over Telnet or SSH. The shell 'ps' command does not perform proper argument sanitization and passes user-supplied parameters into an 'sh -c' invocation running as root. An authenticated attacker who can log in to the device can inject shell metacharacters after the 'ps' subcommand to execute arbitrary OS commands with root privileges, leading to full compromise of the underlying operating system.

AnalysisAI

Authenticated attackers can execute arbitrary commands as root on Perle IOLAN STS and SCS terminal servers (firmware <6.0) by injecting shell metacharacters through the restricted shell's 'ps' command. This command injection flaw (CWE-78) allows full operating system compromise after gaining access via Telnet or SSH. VulnCheck reported this vulnerability with vendor patch now available in firmware 6.0. EPSS score of 0.14% (34th percentile) indicates low predicted exploitation probability, and no active exploitation or public POC has been identified at time of analysis.

Technical ContextAI

Perle IOLAN STS (Serial Terminal Server) and SCS (Secure Console Server) devices are enterprise terminal server appliances used for out-of-band management and serial device connectivity. The vulnerability stems from improper input sanitization in the restricted shell's 'ps' command implementation, which internally invokes 'sh -c' with user-supplied arguments running in a privileged context. This is a classic OS command injection vulnerability (CWE-78) where special shell metacharacters (such as semicolons, pipes, backticks, or command substitution syntax) are not properly escaped before being passed to a shell interpreter. The restricted shell is designed to limit user actions, but this implementation flaw bypasses those restrictions by allowing arbitrary command execution through a seemingly innocuous process listing utility. The commands execute with root privileges, completely subverting the intended security boundary. Affected products are identified by CPE strings cpe:2.3:a:perle_systems:iolan_sts:*:*:*:*:*:*:*:* and cpe:2.3:a:perle_systems:iolan_scs:*:*:*:*:*:*:*:* for all firmware versions prior to 6.0.

RemediationAI

Upgrade all affected Perle IOLAN STS and SCS terminal servers to firmware version 6.0 or later, which contains vendor-released patches addressing the command injection vulnerability in the restricted shell's 'ps' command implementation. Firmware downloads and upgrade instructions are available from Perle Systems at https://www.perle.com/downloads/server_sds_sts_rackmount.shtml with device-specific procedures documented in the IOLAN SCS/SDS/STS User Guide at https://www.perle.com/support_services/documentation_pdfs/iolan_scs-sds-sts_ug.pdf. If immediate patching is not feasible, implement compensating controls including restricting network access to IOLAN management interfaces (Telnet/SSH) to dedicated out-of-band management networks with strict firewall rules allowing only trusted administrator IP addresses, enforcing strong authentication policies with complex passwords or certificate-based SSH authentication, disabling Telnet in favor of SSH-only access, implementing multi-factor authentication if supported by the environment, and establishing monitoring for unusual command patterns or failed authentication attempts. Note that network restrictions do not eliminate risk if attackers gain credentials through other means (phishing, credential reuse) but reduce attack surface. These workarounds should be considered temporary measures only, as the underlying code flaw remains exploitable by any authenticated user until firmware is upgraded.

Share

CVE-2026-23759 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy