CVE-2016-1561

Опубликовано: 21 апр. 2017

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Высокий

Описание

ExaGrid appliances with firmware before 4.8 P26 have a default SSH public key in the authorized_keys file for root, which allows remote attackers to obtain SSH access by leveraging knowledge of a private key from another installation or a firmware image.

Ссылки

http://packetstormsecurity.com/files/136634/ExaGrid-Known-SSH-Key-Default-Password.html
Exploit
Third Party Advisory
VDB Entry
http://www.rapid7.com/db/modules/exploit/linux/ssh/exagrid_known_privkey
Third Party Advisory
https://community.rapid7.com/community/infosec/blog/2016/04/07/r7-2016-04-exagrid-backdoor-ssh-keys-and-hardcoded-credentials
Exploit
Mitigation
Third Party Advisory
http://packetstormsecurity.com/files/136634/ExaGrid-Known-SSH-Key-Default-Password.html
Exploit
Third Party Advisory
VDB Entry
http://www.rapid7.com/db/modules/exploit/linux/ssh/exagrid_known_privkey
Third Party Advisory
https://community.rapid7.com/community/infosec/blog/2016/04/07/r7-2016-04-exagrid-backdoor-ssh-keys-and-hardcoded-credentials
Exploit
Mitigation
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:exagrid:ex3000_firmware:4.8:*:*:*:*:*:*:*

cpe:2.3:h:exagrid:ex3000:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:exagrid:ex5000_firmware:4.8:*:*:*:*:*:*:*

cpe:2.3:h:exagrid:ex5000:-:*:*:*:*:*:*:*

Конфигурация 3

Одновременно

cpe:2.3:o:exagrid:ex7000_firmware:4.8:*:*:*:*:*:*:*

cpe:2.3:h:exagrid:ex7000:-:*:*:*:*:*:*:*

Конфигурация 4

Одновременно

cpe:2.3:o:exagrid:ex10000e_firmware:4.8:*:*:*:*:*:*:*

cpe:2.3:h:exagrid:ex10000e:-:*:*:*:*:*:*:*

Конфигурация 5

Одновременно

cpe:2.3:o:exagrid:ex13000e_firmware:4.8:*:*:*:*:*:*:*

cpe:2.3:h:exagrid:ex13000e:-:*:*:*:*:*:*:*

Конфигурация 6

Одновременно

cpe:2.3:o:exagrid:ex21000e_firmware:4.8:*:*:*:*:*:*:*

cpe:2.3:h:exagrid:ex21000e:-:*:*:*:*:*:*:*

Конфигурация 7

Одновременно

cpe:2.3:o:exagrid:ex32000e_firmware:4.8:*:*:*:*:*:*:*

cpe:2.3:h:exagrid:ex32000e:-:*:*:*:*:*:*:*

Конфигурация 8

Одновременно

cpe:2.3:o:exagrid:ex40000e_firmware:4.8:*:*:*:*:*:*:*

cpe:2.3:h:exagrid:ex40000e:-:*:*:*:*:*:*:*

EPSS

Процентиль: 99%

0.84403

Высокий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-cwr4-jwc3-f83j

CVSS3: 7.5

github

больше 3 лет назад

EPSS

Процентиль: 99%

0.84403

Высокий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-200