'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

vul_app:vesystem_cloud_desktop_newserver_rce_vulnerability(Rule ID:1070210386)

Release Date2025/9/15

Rule NameVesystem Cloud Desktop newserver Remote Command Execution Vulnerability

Severity:critical

CVE ID

 

Descripiton

Vesystem Cloud Desktop is a next-generation cloud desktop system that integrates the advantages of VDI, VOI, and IDV architectures. It adopts a mixed front-end and back-end computing mode, which can achieve centralized management, efficient operation and maintenance, and secure availability. It supports multiple terminal device access and is widely used in industries such as government, education, healthcare, and finance. There is a remote command execution vulnerability in the desktop news server of Vesystem Cloud, which can be exploited by attackers to execute commands and gain control of the server.This rule supports to defend the A6: Vulnerable and Outdated Components of OWASP Top 10 - 2021.
Other reference:None

 

Solution

Update vendor patches.