Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormRicardo Jose Ruiz FernandezPACKETSTORM:171385
HistoryMar 17, 2023 - 12:00 a.m.

Riello UPS Restricted Shell Bypass

2023-03-1700:00:00
Ricardo Jose Ruiz Fernandez
packetstormsecurity.com
155
riello ups
restricted shell bypass
default credentials
ssh access
operating system
JSON
`  
I. VULNERABILITY  
-------------------------  
Riello UPS systems allow to easily escape the configuration shell and get access to the operating system  
  
II. VENDOR  
-------------------------  
Riello (https://www.riello-ups.es/)  
  
III. DESCRIPTION  
-------------------------  
Riello UPS systems allow SSH access to configure the device, sometimes with the default credentials "admin:admin".  
  
Using the "-t bash" or "-t /bin/bash" paramters it is possible to escape the restricted shell and get access to the operating system:  
  
ssh [email protected] -t bash  
`
JSON