
rpc3telnet.txt

14 Apr 2005. Reported by Flare. Type: packetstorm. Source: packetstormsecurity.com

A login-bypass vulnerability in RPC-3 Telnet Host v3.05 by Bay Technical Associates gives unauthorized users full control of power supplies. The advisory rates it an extreme risk because an attacker can cut power to a connected machine, shutting it down and disabling it.

Code
`Vulnerability found by Flare@CiSO  
Greets to nolimit, COREiSO, #news, and class101.  
  
Versions Tested:  
RPC-3 Telnet Host - Revision F 3.05, (C) 1998  
  
This is a basic login-bypass vulnerability found in the RPC-3 Telnet  
Host v 3.05 made by "Bay Technical Associates". This telnet daemon is  
used by many hardware appliances, often power supplies. When a  
user logs into this telnet daemon they are able to gain full control  
of the device (in this example a power supply). We consider this  
vulnerability an extreme risk as it could allow an unauthorized user  
to log in to a power supply and disable power to a machine, thereby  
completely shutting down and disabling the aforementioned machine (or  
anything else connected to such a power supply).  
  
To carry out this exploit an attacker simply needs to telnet to the  
RPC-3 Telnet daemon on the standard telnet port, and when prompted for  
the username hit the escape key, and then enter. The attacker will  
then be logged into the Telnet Daemon.  
  
This attack was tested on RPC-3 Telnet Host version 3.05. Other  
versions were not available for testing; they may or may not prove to  
have the same vulnerability.  
  
Example:  
  
RPC-3 Telnet Host  
Revision F 3.05, (C) 1998  
Bay Technical Associates  
Unit ID: RPC3  
  
Enter username> [escape key] [enter]  
Login successful.  
  
Available RPC3 Outlets  
For command summary, enter HELP  
  
Circuit Breaker: On  
  
Selection Outlet Outlet Power  
Number Name Number Status  
  
RPC3> [attacker now has control of the appliance]  
`
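
For detection, the login sequence in the transcript above can be recognised in captured telnet traffic. The following Python code is an added example, not part of the original advisory: it flags any session in which the device answers `Login successful` to a username line that contains ESC (0x1b) or no printable characters at all. The `(direction, payload)` session format, the sample sessions and the `Enter password>` prompt are constructed assumptions, and payloads are assumed to be reassembled so that a prompt is not split across two chunks.

```python
ESC, IAC, SB, SE = 0x1B, 0xFF, 0xFA, 0xF0  # ESC key; telnet command bytes (RFC 854)
PROMPT, SUCCESS = b"Enter username>", b"Login successful"  # strings from the advisory

def strip_telnet_negotiation(data: bytes) -> bytes:
    """Remove IAC command sequences so only the bytes the user typed remain."""
    out, i = bytearray(), 0
    while i < len(data):
        cmd = data[i + 1] if i + 1 < len(data) else None
        if data[i] != IAC:
            out.append(data[i])
            i += 1
        elif cmd == IAC:                    # escaped literal 0xFF
            out.append(IAC)
            i += 2
        elif cmd == SB:                     # subnegotiation runs up to IAC SE
            end = data.find(bytes([IAC, SE]), i + 2)
            i = len(data) if end == -1 else end + 2
        else:                               # WILL/WONT/DO/DONT carry an option byte
            i += 3 if cmd in (0xFB, 0xFC, 0xFD, 0xFE) else 2
    return bytes(out)

def find_login_bypass(session):
    """session: ordered (direction, payload) pairs, 'S' = device, 'C' = client.
    Returns the raw username lines of logins accepted without a printable username."""
    findings, typed, submitted = [], None, None
    for direction, payload in session:
        if direction == "S":
            if submitted is not None and SUCCESS in payload:
                if ESC in submitted or not any(0x20 < c < 0x7F for c in submitted):
                    findings.append(submitted)
                submitted = None
            if PROMPT in payload:           # a new prompt restarts username capture
                typed, submitted = bytearray(), None
        elif typed is not None:
            typed += strip_telnet_negotiation(payload)
            if b"\r" in typed or b"\n" in typed:   # username line submitted
                typed, submitted = None, bytes(typed)
    return findings

# Constructed sample sessions (not real captures).
BYPASS = [("S", b"Unit ID: RPC3\r\n\r\nEnter username> "), ("C", b"\xff\xfd\x03"),
          ("C", b"\x1b"), ("C", b"\r\n"), ("S", b"\r\nLogin successful.\r\n")]
NORMAL = [("S", b"Enter username> "), ("C", b"operator\r\n"),
          ("S", b"Enter password> "),       # assumed prompt text, not from the advisory
          ("C", b"s3cret\r\n"), ("S", b"Login successful.\r\n")]

if __name__ == "__main__":
    print("bypass session:", find_login_bypass(BYPASS))
    print("normal session:", find_login_bypass(NORMAL))
```
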
