Full title: HP VAN SDN Controller Root Command Injection Exploit Category: remote exploits Platform: linux This Metasploit module exploits a hardcoded service token or default credentials in HPE VAN SDN Controller versions and below to execute a payload as root. A root command injection was discovered in the uninstall action's name parameter, obviating the need to use sudo for privilege escalation. If the service token option TOKEN is blank, USERNAME and PASSWORD will be used for authentication. An additional login request will be sent. # 0day.today @ http://0day.today/