ABB Cylon Aspect 3.07.02 sshUpdate.php Unauthenticated Remote SSH Service Control –
– ABB Cylon Aspect version 3.07.02 suffers from a vulnerability that allows an unauthenticated attacker to enable or disable the SSH daemon by sending a POST request to sshUpdate.php with a simple JSON payload. This can be exploited to start the SSH service on the remote host without proper authentication, potentially enabling unauthorized access or stop and deny service access. – Read More – Packet Storm