Test ID: 1.3.6.1.4.1.25623.1.0.105398
Category: Gain a shell remotely
Title: Static SSH Key Used
Summary: The remote host has a known private key installed.
Description:
Summary:
The remote host has a known private key installed.

Vulnerability Impact:
A remote attacker can exploit this issue to gain unauthorized
access to affected devices. Successfully exploiting this issue allows attackers to completely
compromise the devices.

Affected Software/OS:
The following products / devices are currently checked / known to be vulnerable:

- Array Networks vxAG 9.2.0.34 and vAPV 8.3.2.17 appliances

- Barracuda Load Balancer - firmware version 5.0.0.015 (CVE-2014-8428)

- Ceragon FibeAir IP-10 (CVE-2015-0936)

- ExaGrid storage devices running firmware prior to version 4.8 P26 (CVE-2016-1561)

- F5 BIG-IP version 11.1.0 build 1943.0 (CVE-2012-1493)

- Loadbalancer.org Enterprise VA 7.5.2 and below

- Digital Alert Systems DASDEC and Monroe Electronics One-Net E189 Emergency Alert System (EAS) devices (CVE-2013-0137)

- Quantum DXi V1000 2.2.1 and below

- Vagrant base boxes

- Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards
before SMT_X9_317 and firmware for Supermicro X8 generation motherboards before SMT X8 312 (CVE-2013-3619)

Other products / devices and firmware versions might be affected as well.

Solution:
Remove the known SSH private key.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-reference:
Common Vulnerability Exposure (CVE) ID: CVE-2012-1493
http://www.theregister.co.uk/2012/06/13/f5_kit_metasploit_exploit/
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/ssh/f5_bigip_known_privkey.rb
https://www.trustmatta.com/advisories/MATTA-2012-002.txt
Common Vulnerability Exposure (CVE) ID: CVE-2013-0137
CERT/CC vulnerability note: VU#662676
http://www.kb.cert.org/vuls/id/662676
https://securityledger.com/2020/01/seven-years-later-scores-of-eas-systems-sit-un-patched-vulnerable/
Common Vulnerability Exposure (CVE) ID: CVE-2013-3619
https://community.rapid7.com/community/metasploit/blog/2013/11/05/supermicro-ipmi-firmware-vulnerabilities
https://exchange.xforce.ibmcloud.com/vulnerabilities/89044
Common Vulnerability Exposure (CVE) ID: CVE-2014-8428
http://seclists.org/fulldisclosure/2015/Jan/76
http://packetstormsecurity.com/files/130027/Barracuda-Load-Balancer-ADC-Key-Recovery-Password-Reset.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-0936
BugTraq ID: 73696
http://www.securityfocus.com/bid/73696
http://seclists.org/fulldisclosure/2015/Apr/3
http://packetstormsecurity.com/files/131259/Ceragon-FibeAir-IP-10-SSH-Private-Key-Exposure.html
http://packetstormsecurity.com/files/131260/Ceragon-FibeAir-IP-10-SSH-Private-Key-Exposure.html
https://gist.github.com/todb-r7/5d86ecc8118f9eeecc15
https://www.rapid7.com/db/modules/exploit/linux/ssh/ceragon_fibeair_known_privkey
Common Vulnerability Exposure (CVE) ID: CVE-2016-1561
http://packetstormsecurity.com/files/136634/ExaGrid-Known-SSH-Key-Default-Password.html
http://www.rapid7.com/db/modules/exploit/linux/ssh/exagrid_known_privkey
https://community.rapid7.com/community/infosec/blog/2016/04/07/r7-2016-04-exagrid-backdoor-ssh-keys-and-hardcoded-credentials
Copyright: Copyright (C) 2015 Greenbone Networks GmbH

© 1998-2024 E-Soft Inc. All rights reserved.