Hillstone Networks

'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>

RULE（RULE ID：339310）

Rule General Information


Release Date:		2025-07-30

Rule Name:		JumpServer Bastion Host Authentication Bypass Vulnerability

Severity:

CVE ID:

Rule Protection Details


Description:		JumpServer is an open-source operation and maintenance security audit system that centrally controls access to assets such as RDP, SSH, and databases, achieving unified authentication, permission control, and full process recording. JumpServer bastion machine has a privilege authentication bypass vulnerability, which allows attackers to obtain administrator level tokens and use them for remote command execution.

Impact:		An unauthorized remote attacker can bypass authentication and gain access to the application with specially crafted requests.

Affected OS:		Windows, Linux, Others

Reference:

Solutions

Please contact the software vendor to update the software patch.