DOS SS1 Incorrect Permission Assignment Vulnerability Allowing Root Privileges

A vulnerability exists in DOS SS1 versions 16.0.0.10 and earlier (Media version 16.0.0a and earlier) that improperly assigns permissions for critical resources. This flaw may enable users with access to a client terminal to gain root privileges.

Impact

Exploitation of this vulnerability allows authenticated users to obtain root privileges on the affected system.

Remediation

Users are advised to update to the latest version of SS1. For those under a maintenance contract, details are available on the 'CLUB SS1' website. SS1 Cloud users should check the admin site and update to a version that addresses this vulnerability.