Lucene search

CertccCVE-2016-1560

HistoryApr 21, 2017 - 8:59 p.m.

CVE-2016-1560

2017-04-2120:59:00

CWE-798

certcc

web.nvd.nist.gov

exagrid

firmware

default password

vulnerability

cve-2016-1560

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

0.016

Percentile

87.3%

JSON

ExaGrid appliances with firmware before 4.8 P26 have a default password of (1) inflection for the root shell account and (2) support for the support account in the web interface, which allows remote attackers to obtain administrative access via an SSH or HTTP session.

Affected configurations

Nvd

Node

exagridex3000_firmwareMatch4.8

AND

exagridex3000Match-

Node

exagridex5000_firmwareMatch4.8

AND

exagridex5000Match-

Node

exagridex7000_firmwareMatch4.8

AND

exagridex7000Match-

Node

exagridex10000e_firmwareMatch4.8

AND

exagridex10000eMatch-

Node

exagridex13000e_firmwareMatch4.8

AND

exagridex13000eMatch-

Node

exagridex21000e_firmwareMatch4.8

AND

exagridex21000eMatch-

Node

exagridex32000e_firmwareMatch4.8

AND

exagridex32000eMatch-

Node

exagridex40000e_firmwareMatch4.8

AND

exagridex40000eMatch-

VendorProductVersionCPE
exagridex3000_firmware4.8cpe:2.3:o:exagrid:ex3000_firmware:4.8:*:*:*:*:*:*:*
exagridex3000-cpe:2.3:h:exagrid:ex3000:-:*:*:*:*:*:*:*
exagridex5000_firmware4.8cpe:2.3:o:exagrid:ex5000_firmware:4.8:*:*:*:*:*:*:*
exagridex5000-cpe:2.3:h:exagrid:ex5000:-:*:*:*:*:*:*:*
exagridex7000_firmware4.8cpe:2.3:o:exagrid:ex7000_firmware:4.8:*:*:*:*:*:*:*
exagridex7000-cpe:2.3:h:exagrid:ex7000:-:*:*:*:*:*:*:*
exagridex10000e_firmware4.8cpe:2.3:o:exagrid:ex10000e_firmware:4.8:*:*:*:*:*:*:*
exagridex10000e-cpe:2.3:h:exagrid:ex10000e:-:*:*:*:*:*:*:*
exagridex13000e_firmware4.8cpe:2.3:o:exagrid:ex13000e_firmware:4.8:*:*:*:*:*:*:*
exagridex13000e-cpe:2.3:h:exagrid:ex13000e:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
exagrid	ex3000_firmware	4.8	cpe:2.3:o:exagrid:ex3000_firmware:4.8:::::::*
exagrid	ex3000	-	cpe:2.3:h:exagrid:ex3000:-:::::::*
exagrid	ex5000_firmware	4.8	cpe:2.3:o:exagrid:ex5000_firmware:4.8:::::::*
exagrid	ex5000	-	cpe:2.3:h:exagrid:ex5000:-:::::::*
exagrid	ex7000_firmware	4.8	cpe:2.3:o:exagrid:ex7000_firmware:4.8:::::::*
exagrid	ex7000	-	cpe:2.3:h:exagrid:ex7000:-:::::::*
exagrid	ex10000e_firmware	4.8	cpe:2.3:o:exagrid:ex10000e_firmware:4.8:::::::*
exagrid	ex10000e	-	cpe:2.3:h:exagrid:ex10000e:-:::::::*
exagrid	ex13000e_firmware	4.8	cpe:2.3:o:exagrid:ex13000e_firmware:4.8:::::::*
exagrid	ex13000e	-	cpe:2.3:h:exagrid:ex13000e:-:::::::*

Rows per page:

1-10 of 161

References

packetstormsecurity.com/files/136634/ExaGrid-Known-SSH-Key-Default-Password.html

www.rapid7.com/db/modules/exploit/linux/ssh/exagrid_known_privkey

community.rapid7.com/community/infosec/blog/2016/04/07/r7-2016-04-exagrid-backdoor-ssh-keys-and-hardcoded-credentials

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

0.016

Percentile

87.3%

JSON

Related for CVE-2016-1560