Lucene search

[email protected]CVE-2012-4577

HistoryAug 21, 2012 - 6:55 p.m.

CVE-2012-4577

2012-08-2118:55:00

CWE-255

[email protected]

web.nvd.nist.gov

linux firmware

korenix jetport

oring

din-rail

serial-device servers

hardcoded password

root account

remote attackers

administrative access

ssh

cve-2012-4577

7.2 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.011 Low

EPSS

Percentile

84.0%

JSON

The Linux firmware image on (1) Korenix Jetport 5600 series serial-device servers and (2) ORing Industrial DIN-Rail serial-device servers has a hardcoded password of “password” for the root account, which allows remote attackers to obtain administrative access via an SSH session.

CPENameOperatorVersion
korenix:jetportkorenix jetporteq5604i
korenix:jetportkorenix jetporteq5601f
korenix:jetportkorenix jetporteq5601
korenix:jetportkorenix jetporteq5604

CPE	Name	Operator	Version
korenix:jetport	korenix jetport	eq	5604i
korenix:jetport	korenix jetport	eq	5601f
korenix:jetport	korenix jetport	eq	5601
korenix:jetport	korenix jetport	eq	5604

References

ics-cert.us-cert.gov/advisories/ICSA-12-263-02

ics-cert.us-cert.gov/advisories/ICSA-12-297-02

www.digitalbond.com/2012/06/13/korenix-and-oring-insecurity

www.securityfocus.com/bid/55196

exchange.xforce.ibmcloud.com/vulnerabilities/77992

7.2 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.011 Low

EPSS

Percentile

84.0%

JSON

Related for CVE-2012-4577

prion1 ics2 nessus1