Vulners
Lucene search
Ceragon FibeAir IP-10 7.2.0 Hidden User Backdoor Vulnerability
| Reporter | Title | Published | Views | Family All 15 |
|---|---|---|---|---|
 | Ceragon FibeAir IP-10 SSH Private Key Exposure Exploit | 3 Apr 201500:00 | – | zdt |
| Ceragon FibeAir IP-10 SSH Private Key Exposure Vulnerability | 3 Apr 201500:00 | – | zdt |
| Ceragon FibeAir IP-10 - SSH Private Key Exposure Exploit | 23 Mar 201700:00 | – | zdt |
 | CVE-2015-0936 | 1 Apr 201500:00 | – | circl |
 | Ceragon FiberAir IP-10 Private Key Vulnerability | 2 Jul 201500:00 | – | cnvd |
 | CVE-2015-0936 | 1 Jun 201716:00 | – | cve |
 | CVE-2015-0936 | 1 Jun 201716:00 | – | cvelist |
 | Ceragon FibeAir IP-10 - SSH Private Key Exposure (Metasploit) | 1 Apr 201500:00 | – | exploitdb |
 | Ceragon FibeAir IP-10 SSH Private Key Exposure | 1 Apr 201519:05 | – | metasploit |
 | CVE-2015-0936 | 1 Jun 201716:29 | – | nvd |
10
[+] Credits: Ian Ling
[+] Website: iancaling.com
[+] Source: http://blog.iancaling.com/post/160817658078
Vendor:
=================
https://www.ceragon.com
Products:
======================
Ceragon FibeAir IP-10 (<=7.2.0) (latest version)
Vulnerability Types:
===================
Hidden User Backdoor
Vulnerability Details:
=====================
Ceragon FibeAir IP-10 wireless radios contain a hidden user account with
a default password set by the vendor. This user can be accessed via both
the web interface and SSH. In the web interface, this simply grants an
attacker read-only access to the deviceas settings. However, when using
SSH, this user gives an attacker access to a Linux shell.
While the mateidu user does not have root privileges in the Linux shell,
these devices run an outdated Linux kernel that may be vulnerable to
privilege escalation exploits.
The vendor recommends that users alog as mateidu user and change the
password via the GUI this will close the old internal protection port
access. [sic]a
The mateidu useras password is the same as its username.
This vulnerability is similar to CVE-2015-0936, which detailed the
discovery of an RSA key pair that allowed an attacker to log in as the
mateidu user via SSH.
Disclosure Timeline:
===================================
2017/05/12 - Contacted vendor
2017/05/14 - Vendor acknowledges report
2017/05/16 - Vendor sends their recommendation
2017/05/18 - Publicly disclosed
# 0day.today [2018-01-06] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
20 May 2017 00:00Current
9.2High risk
Vulners AI Score9.2
EPSS0.86318