# Exploit author: @dolevff # Vendor homepage: http://www.openfiler.com # Affected Software version: 2.99.1 (latest) # Alerted vendor: 7.5.14 # CVE-2014-7190 Software Description ===================== Openfiler is a network storage operating system. With the features we built into Openfiler, you can take advantage of file-based Network Attached Storage and block-based Storage Area Networking functionality in a single cohesive framework. Vulnerability Description ========================= it is possible to restart/shutdown a server running openfiler due to missing session tokens and cause a denial of service attack. proof of concept: =========================