Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 10.0
CVE Id: CVE-2012-4577
Last Modified: 20 May 2013 11:20:28
Published: 21 Aug 2012 02:55:01
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2012-4577

Summary

The Linux firmware image on (1) Korenix Jetport 5600 series serial-device servers and (2) ORing Industrial DIN-Rail serial-device servers has a hardcoded password of "password" for the root account, which allows remote attackers to obtain administrative access via an SSH session.

Vulnerable Systems


References

MISC - http://www.digitalbond.com/2012/06/13/korenix-and-oring-insecurity

BID - 55196

XF - jetport-default-password(77992)

MISC - http://ics-cert.us-cert.gov/advisories/ICSA-12-297-02

MISC - http://ics-cert.us-cert.gov/advisories/ICSA-12-263-02


Last Updated: 27 May 2016 10:57:36