CVE-2018-10575

Опубликовано: 30 апр. 2018

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Средний

Описание

An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15. Hardcoded credentials exist for an unprivileged SSH account with a shell of /bin/false.

Ссылки

http://seclists.org/fulldisclosure/2018/May/12
Mailing List
Third Party Advisory
https://watchguardsupport.secure.force.com/publicKB?type=KBSecurityIssues&SFDCID=kA62A0000000LIy
Vendor Advisory
https://www.exploit-db.com/exploits/45409/
https://www.watchguard.com/wgrd-blog/new-firmware-available-ap100ap102ap200ap300-security-vulnerability-fixes
Vendor Advisory
http://seclists.org/fulldisclosure/2018/May/12
Mailing List
Third Party Advisory
https://watchguardsupport.secure.force.com/publicKB?type=KBSecurityIssues&SFDCID=kA62A0000000LIy
Vendor Advisory
https://www.exploit-db.com/exploits/45409/
https://www.watchguard.com/wgrd-blog/new-firmware-available-ap100ap102ap200ap300-security-vulnerability-fixes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:watchguard:ap200_firmware:*:*:*:*:*:*:*:*

Версия до 1.2.9.15 (исключая)

cpe:2.3:h:watchguard:ap200:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:watchguard:ap102_firmware:*:*:*:*:*:*:*:*

Версия до 1.2.9.15 (исключая)

cpe:2.3:h:watchguard:ap102:-:*:*:*:*:*:*:*

Конфигурация 3

Одновременно

cpe:2.3:o:watchguard:ap100_firmware:*:*:*:*:*:*:*:*

Версия до 1.2.9.15 (исключая)

cpe:2.3:h:watchguard:ap100:-:*:*:*:*:*:*:*

EPSS

Процентиль: 93%

0.11206

Средний

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-798

Связанные уязвимости

GHSA-mv8v-4whv-fv79

CVSS3: 9.8

github

больше 3 лет назад

An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15. Hardcoded credentials exist for an unprivileged SSH account with a shell of /bin/false.

EPSS

Процентиль: 93%

0.11206

Средний

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-798