Описание
The Motorola ACE1000 RTU through 2022-05-02 ships with a hardcoded SSH private key and initialization scripts (such as /etc/init.d/sshd_service) only generate a new key if no private-key file exists. Thus, this hardcoded key is likely to be used by default.
Ссылки
- MitigationThird Party AdvisoryUS Government Resource
- Not Applicable
- MitigationThird Party AdvisoryUS Government Resource
- Not Applicable
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:motorola:ace1000_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:motorola:ace1000:-:*:*:*:*:*:*:*
EPSS
Процентиль: 42%
0.00199
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-798
CWE-259
Связанные уязвимости
CVSS3: 9.8
github
больше 3 лет назад
The Motorola ACE1000 RTU through 2022-05-02 ships with a hardcoded SSH private key and initialization scripts (such as /etc/init.d/sshd_service) only generate a new key if no private-key file exists. Thus, this hardcoded key is likely to be used by default.
EPSS
Процентиль: 42%
0.00199
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-798
CWE-259