| Advisory ID | Severity | Release Date | Reported By | CVE ID |
| HSVD-2024-0026 | Low | February 17, 2025 | External submission | N/A |
Overview
Hillstone StoneOS Absolute Path Disclosure Vulnerability. Malicious attackers can obtain the absolute path information of the server by sending special requests. Such information leakage may provide attackers with clues to the internal structure of the server, thus triggering further security threats.
Affected Products & Fix Versions
| PRODUCT | AFFECTED VERSIONS | FIX VERSION |
|---|---|---|
| StoneOS | 5.5R8P22 and previous versions | 5.5R8P23 |
| CloudHive | CloudHive-2.9.4B1 and earlier versions | CloudHive-2.9.4B2 |
| WAF | 3.5.2 and earlier versions | 3.5.3 |
| ADC | 3.6.11 and earlier versions | 3.6.12 |
Remediation & Mitigation
- Repaired by upgrading the version.
Contact & Reporting
For technical support and detailed remediation guidance, contact Hillstone Networks support at +1-800-930-6707.
To report security issues in Hillstone products, email PSIRT@hillstonenet.com. Hillstone follows responsible disclosure principles and applicable regulations when handling product security incidents.
Legal notice — Without written authorization from Hillstone Networks, no organization or individual may modify, excerpt, or disseminate the content of this advisory for commercial purposes.
Recent Comments