Iolan Sts
Monthly
Authenticated attackers can execute arbitrary commands as root on Perle IOLAN STS and SCS terminal servers (firmware <6.0) by injecting shell metacharacters through the restricted shell's 'ps' command. This command injection flaw (CWE-78) allows full operating system compromise after gaining access via Telnet or SSH. VulnCheck reported this vulnerability with vendor patch now available in firmware 6.0. EPSS score of 0.14% (34th percentile) indicates low predicted exploitation probability, and no active exploitation or public POC has been identified at time of analysis.
Authenticated attackers can execute arbitrary commands as root on Perle IOLAN STS and SCS terminal servers (firmware <6.0) by injecting shell metacharacters through the restricted shell's 'ps' command. This command injection flaw (CWE-78) allows full operating system compromise after gaining access via Telnet or SSH. VulnCheck reported this vulnerability with vendor patch now available in firmware 6.0. EPSS score of 0.14% (34th percentile) indicates low predicted exploitation probability, and no active exploitation or public POC has been identified at time of analysis.