More Like This
-
Capability Overview
Cyber Resilience
-
Product / Service
Penetration Testing Services
Aon discovered two security vulnerabilities affecting StoneFly Storage Concentrator (SC) and Storage Concentrator Virtual Machine (SCVM) leading to arbitrary command execution and information disclosure, both requiring user authentication. The vulnerabilities affect SC and SCVM running version 8.0.4.25 and below. The vulnerabilities were discovered by Aon team member David Glenn Baylon.
Aon would like to thank StoneFly for working with us as part of our coordinated disclosure process.
Capability Overview
Cyber Resilience
Product / Service
Penetration Testing Services
StoneFly SC and SCVM are vulnerable to authenticated blind operating system command injection attacks. Successful exploitation of this vulnerability leads to privileged arbitrary command execution, resulting in complete compromise of an SC and/or SCVM.
Refer to the vendor pages listed under Vendor Advisory for a complete list of product versions in which this vulnerability has been fixed and further instructions on how to upgrade the affected systems.
StoneFly SC and SCVM are vulnerable to authenticated path traversal attacks. Successful exploitation of this vulnerability leads to disclosure of sensitive information.
Refer to the vendor pages listed under Vendor Advisory for a complete list of product versions in which this vulnerability has been fixed and further instructions on how to upgrade the affected systems.
About Cyber Solutions:
Aon’s Cyber Solutions offers holistic cyber risk management, unsurpassed investigative skills, and proprietary technologies to help clients uncover and quantify cyber risks, protect critical assets, and recover from cyber incidents.
General Disclaimer
This document is not intended to address any specific situation or to provide legal, regulatory, financial, or other advice. While care has been taken in the production of this document, Aon does not warrant, represent or guarantee the accuracy, adequacy, completeness or fitness for any purpose of the document or any part of it and can accept no liability for any loss incurred in any way by any person who may rely on it. Any recipient shall be responsible for the use to which it puts this document. This document has been compiled using information available to us up to its date of publication and is subject to any qualifications made in the document.
Terms of Use
The contents herein may not be reproduced, reused, reprinted or redistributed without the expressed written consent of Aon, unless otherwise authorized by Aon. To use information contained herein, please write to our team.
Our Better Being podcast series, hosted by Aon Chief Wellbeing Officer Rachel Fellowes, explores wellbeing strategies and resilience. This season we cover human sustainability, kindness in the workplace, how to measure wellbeing, managing grief and more.
Podcast 10 mins
Better Being Series: Discover the ‘Blue Zones’ Where People Live LongerPodcast 20 mins
Better Being Series: Improving Your Financial WellbeingPodcast 17 mins
Better Being Series: Are You Taking Care of Your Digital Wellbeing?Podcast 19 mins
On Aon Podcast: Better Being Series Dives into Women’s HealthPodcast 29 mins
On Aon’s Better Being Series: The World Wellbeing MovementPodcast 28 mins
On Aon’s Better Being Series: Mental Health and Creating Kinder CulturesPodcast 25 mins
On Aon’s Better Being Series: Managing Loss and GriefPodcast 24 mins
On Aon’s Better Being Series: Measuring WellbeingPodcast 25 mins
On Aon’s Better Being Series: Physical Wellbeing and ResiliencePodcast 23 mins
On Aon’s Better Being Series: Human SustainabilityExpert Views on Today's Risk Capital and Human Capital Issues
Article 2 mins
Introduction: Clarity and Confidence to Make Better DecisionsArticle 2 mins
The Age of Rising Resilience – An Economic OutlookArticle 3 mins
Building Resilience Against the Constant Cyber ThreatArticle 2 mins
Making Better Decisions – A Treasurer’s PerspectiveArticle 2 mins
How to Balance the Conflicting Forces of Efficiency, Performance and WellbeingArticle 3 mins
Seizing the Opportunity: Building a Comprehensive Approach to Risk TransferArticle 2 mins
Tapping New Markets to Unlock Deal ValueArticle 5 mins
The Rise of the Skills-Based OrganisationArticle 2 mins
Creating a Fair and Equitable Workforce for EveryoneArticle 3 mins
The Year of the Vote: How Geopolitical Volatility Will Impact BusinessesArticle 2 mins
The Aon DifferenceThe construction industry is under pressure from interconnected risks and notable macroeconomic developments. Learn how your organization can benefit from construction insurance and risk management.
Article 8 mins
How North American Construction Contractors Can Mitigate Emerging RisksArticle 7 mins
Managing Construction Risks: 7 Risk Advisory StepsArticle 7 mins
Unlocking Capacity and Capital in a Challenging Construction Risk MarketArticle 7 mins
Protecting North American Contractors from Extreme Heat Risks with ParametricArticle 5 mins
How Climate Modeling Can Mitigate Risks and Improve Resilience in the Construction IndustryReport 1 mins
Construction Risk Management Europe Report 2023Article 8 mins
Parametric Can Help Mitigate Extreme Heat Risks for Contractors in EMEAArticle 9 mins
How the Construction Industry is Navigating Climate ChangeArticle 11 mins
Top Risks Facing Construction and Real Estate OrganizationsStay in the loop on today's most pressing cyber security matters.
Cyber Labs 9 mins
Bypassing EDR through Retrosigned Drivers and System Time ManipulationCyber Labs 10 mins
DNSForge – Responding with ForceCyber Labs 7 mins
Unveiling "sedexp": A Stealthy Linux Malware Exploiting udev RulesCyber Labs 3 mins
Command Injection and Path Traversal in StoneFly Storage ConcentratorCyber Labs 7 mins
Adopt an AI Approach with Confidence, for CISOs and CIOsCyber Labs 3 mins
Responding to the CrowdStrike Outage: Implications for Cyber and Technology ProfessionalsCyber Labs 10 mins
DUALITY Part II - Initial Access and Tradecraft ImprovementsCyber Labs 17 mins
Cracking Into Password RequirementsCyber Labs 57 mins
DUALITY: Advanced Red Team Persistence through Self-Reinfecting DLL Backdoors for Unyielding ControlCyber Labs 7 mins
Restricted Admin Mode – Circumventing MFA On RDP LogonsCyber Labs 9 mins
Detecting “Effluence”, An Unauthenticated Confluence Web ShellCyber Labs 10 mins
Flash Loan Attacks: A Case StudyOur Cyber Resilience collection gives you access to Aon’s latest insights on the evolving landscape of cyber threats and risk mitigation measures. Reach out to our experts to discuss how to make the right decisions to strengthen your organization’s cyber resilience.
Article 9 mins
Building Resilience in a Buyer-Friendly Cyber and E&O MarketArticle 11 mins
A Middle Market Roadmap for Cyber ResilienceArticle 8 mins
Lessons Learned from the CrowdStrike Outage: 5 Strategies to Build Cyber ResilienceArticle 8 mins
Responding to Cyber Attacks: How Directors and Officers and Cyber Policies DifferArticle 7 mins
Why Now is the Right Time to Customize Cyber and E&O ContractsArticle 6 mins
8 Steps Toward Building Better Resilience Against Rising Ransomware AttacksArticle 7 mins
Mitigating Insider Threats: Managing Cyber Perils While Traveling GloballyArticle 5 mins
Managing Cyber Risk through Return on Security InvestmentArticle 10 mins
Mitigating Insider Threats: Your Worst Cyber Threats Could be Coming from InsideArticle 9 mins
Why HR Leaders Must Help Drive Cyber Security AgendaArticle 10 mins
Escalating Cyber Security Risks Mean Businesses Need to Build ResilienceOur Employee Wellbeing collection gives you access to the latest insights from Aon's human capital team. You can also reach out to the team at any time for assistance with your employee wellbeing needs.
Article 9 mins
The Next Evolution of Wellbeing is About PerformanceArticle 6 mins
Three Ways Collective Retirement Plans Support HR PrioritiesArticle 9 mins
How the Right Employee Wellbeing Strategy Impacts Microstress and Burnout at WorkPodcast 19 mins
On Aon Podcast: Better Being Series Dives into Women’s HealthArticle 7 mins
Making Wellbeing Part of a Company’s DNAPodcast 24 mins
On Aon’s Better Being Series: Measuring WellbeingPodcast 25 mins
On Aon’s Better Being Series: Physical Wellbeing and ResilienceArticle 7 mins
Why Workforce Wellbeing is Vital to Company PerformanceArticle 7 mins
COVID-19 has Permanently Changed the Way We Think About WellbeingExplore Aon's latest environmental social and governance (ESG) insights.
Article 8 mins
Why ESG Is Even More Important In A Crisis Like COVID-19Podcast 16 mins
On Aon Podcast: Approach to DE&I in the WorkplaceOur Global Insurance Market Insights highlight insurance market trends across pricing, capacity, underwriting, limits, deductibles and coverages.
Article 12 mins
Q4 2023: Global Insurance Market OverviewArticle 13 mins
Top Risk Trends to Watch in 2024How do the top risks on business leaders’ minds differ by region and how can these risks be mitigated? Explore the regional results to learn more.
Article 12 mins
Top Risks Facing Organizations in Asia PacificArticle 12 mins
Top Risks Facing Organizations in North AmericaArticle 10 mins
Top Risks Facing Organizations in EuropeArticle 8 mins
Top Risks Facing Organizations in Latin AmericaArticle 8 mins
Top Risks Facing Organizations in the Middle East and AfricaArticle 9 mins
Top Risks Facing Organizations in the United KingdomOur Human Capital Analytics collection gives you access to the latest insights from Aon's human capital team. Contact us to learn how Aon’s analytics capabilities helps organizations make better workforce decisions.
Article 14 mins
How Technology Will Transform Employee Benefits in the Next Five YearsPodcast 18 mins
On Aon Podcast: Technology Impacting the Future of Health and BenefitsArticle 8 mins
Integrating Workforce Data to Uncover Hidden InsightsArticle 9 mins
How Employers Can Use Data to Improve Their Health PlansPodcast 24 mins
On Aon’s Better Being Series: Measuring WellbeingArticle 11 mins
Designing Tomorrow: Personalizing EVP, Benefits and Total RewardsArticle 9 mins
How to Balance Cost with Growth in a Shifting Talent MarketArticle 8 mins
How Companies are Mitigating Rising Medical CostsArticle 10 mins
How Data and Analytics Can Optimize HR ProgramsExplore our hand-picked insights for human resources professionals.
Article 7 mins
COVID-19 has Permanently Changed the Way We Think About WellbeingArticle 7 mins
DE&I in Benefits Plans: A Global PerspectiveArticle 10 mins
How Data and Analytics Can Optimize HR ProgramsArticle 9 mins
Why HR Leaders Must Help Drive Cyber Security AgendaArticle 7 mins
Case Study: The LPGA Unlocks Talent Potential with DataArticle 11 mins
Navigating the New EU Directive on Pay TransparencyArticle 4 mins
How to Design Better Talent Assessment to Promote DE&IArticle 6 mins
Training and Transforming Managers for the Future of WorkArticle 7 mins
Rethinking Your Total Rewards Programs During Mergers and AcquisitionsArticle 14 mins
Building a Resilient Workforce That Steers Organizational Success | An Outlook Across IndustriesOur Workforce Collection provides access to the latest insights from Aon’s Human Capital team on topics ranging from health and benefits, retirement and talent practices. You can reach out to our team at any time to learn how we can help address emerging workforce challenges.
Report 14 mins
A Workforce in Transition Prepares to Meet a Host of ChallengesArticle 17 mins
3 Strategies to Improve Career Outcomes for Older EmployeesArticle 7 mins
Companies Need a Global Benefits Identity in an Era of Cost ContainmentArticle 8 mins
Driving Inclusion and Diversity with Employee BenefitsArticle 17 mins
Five Big Human Resources Trends to Watch in 2024Article 8 mins
How Companies are Mitigating Rising Medical CostsReport 1 mins
The Global Medical Trend Rates Report 2025Podcast 25 mins
On Aon’s Better Being Series: Physical Wellbeing and ResilienceArticle 9 mins
How the Right Employee Wellbeing Strategy Impacts Microstress and Burnout at WorkArticle 11 mins
Advancing Women’s Health and Equity Through Benefits and SupportPodcast 18 mins
On Aon Podcast: Technology Impacting the Future of Health and BenefitsArticle 7 mins
How Collective Retirement Plans Help Support Financial SustainabilityOur Mergers and Acquisitions (M&A) collection gives you access to the latest insights from Aon's thought leaders to help dealmakers make better decisions. Explore our latest insights and reach out to the team at any time for assistance with transaction challenges and opportunities.
Article 8 mins
Exit Strategy Value Creation Opportunities Exist as Economic Pressures PersistArticle 5 mins
Future Trends for Financial Sponsors: Secondary TransactionsArticle 7 mins
3 Ways to Unlock M&A Value in a Challenging Credit EnvironmentArticle 7 mins
Rethinking Your Total Rewards Programs During Mergers and AcquisitionsArticle 9 mins
Organizational Design and Talent Planning are Key to M&A SuccessArticle 7 mins
An Ever-Complex Global Tax Environment Requires Strong M&A Risk SolutionsArticle 6 mins
Project Management for HR: The Secret Behind a Successful M&A DealArticle 9 mins
Cultural Alignment Planning Drives M&A SuccessReport 1 mins
A Guide to Maximizing Value in Post-Merger IntegrationsReport 2 mins
The ABC's of Private Equity M&A: Deal Flow Impacts of Al, Big Tech and Climate ChangeArticle 11 mins
The Silver Lining on M&A Deal Clouds: M&A Insurance Insights from 2023How do businesses navigate their way through new forms of volatility and make decisions that protect and grow their organizations?
Our Parametric Insurance Collection provides ways your organization can benefit from this simple, straightforward and fast-paying risk transfer solution. Reach out to learn how we can help you make better decisions to manage your catastrophe exposures and near-term volatility.
Article 6 mins
Parametric Insurance: A Complement to Traditional Property CoverageArticle 8 mins
Using Parametric Insurance to Match Capital to Climate RiskArticle 6 mins
Using Parametric Insurance to Close the Earthquake Protection GapArticle 5 mins
How Technology Enhancements are Boosting ParametricOur Pay Transparency and Equity collection gives you access to the latest insights from Aon's human capital team on topics ranging from pay equity to diversity, equity and inclusion. Contact us to learn how we can help your organization address these issues.
Article 10 mins
How Financial Institutions can Prepare for Pay Transparency LegislationArticle 8 mins
Pay Transparency Can Lead to Better Equity Across BenefitsArticle 12 mins
Understanding and Preparing for the Rise in Pay TransparencyPodcast 14 mins
On Aon Podcast: Understanding Pay Transparency RegulationsArticle 11 mins
Navigating the New EU Directive on Pay TransparencyArticle 7 mins
To Disclose Pay or Not? How Companies are Approaching the Pay Transparency MovementPodcast 19 mins
On Aon Podcast: Better Being Series Dives into Women’s HealthArticle 11 mins
Advancing Women’s Health and Equity Through Benefits and SupportArticle 8 mins
Driving Inclusion and Diversity with Employee BenefitsArticle 7 mins
Belonging at Work: How Employers can Strengthen DE&IArticle 7 mins
DE&I in Benefits Plans: A Global PerspectivePodcast 16 mins
On Aon Podcast: Approach to DE&I in the Workplace