Config editor of the Exhibitor Web UI versions 1.0.9 to 1.7.1.

[regiwils]

Hello,
The Cisco Talos team found a security vulnerability affecting Exhibitor Web UI. As this is a sensitive security issue, this email is to request a PGP key for further communication. An exploitable command injection vulnerability exists in the Config editor of the Exhibitor Web UI versions 1.0.9 to 1.7.1.

Is there a maintainer that can assist with resolution for this issue? Please provide email address and PGP so detailed report can be sent over or advise if there's a private repository to supply the information.

Please CC vulndev@cisco.com on all correspondence related to this issue.
For further information about the Cisco Vendor Vulnerability Reporting and Disclosure Policy please refer to this document which also links to our public PGP key. https://tools.cisco.com/security/center/resources/vendor_vulnerability_policy.html

[regiwils]

To date, we have not received a response or maintainer Exhibitor Web UI. Please provide information on anyone handling security issues.

[regiwils]

To date, we have not received a response and will plan for public disclosure of the reported security issue.