Test ID: 1.3.6.1.4.1.25623.1.0.140246
Category: Gain a shell remotely
Title: SenNet Data Logger Appliances and Electricity Meters Multiple Vulnerabilities
Summary: The remote SenNet appliance is affected by multiple vulnerabilities.
Description:
Summary:
The remote SenNet appliance is affected by multiple vulnerabilities.

Vulnerability Insight:
Vulnerability Details

1. No access control on the remote shell
The appliance runs ARM as underlying OS. Telnet access is enabled on TCP
port 5000. No authentication is required to connect to the remote shell.
Any user can connect to the shell and issue commands.

2. Shell services running with excessive privileges (superuser)
The service runs with superuser root privileges, thus giving privileged
access to any user, without any authentication (exploited via the OS Command
Injection described next).

3. OS Command Injection
The remote shell attempts to offer a restricted environment and does not
allow executing system commands. However, it is possible to break out of
this jailed shell by chaining specific shell meta-characters and OS
commands.

The service / application runs as 'root', so OS command injection results
in full system access.

Affected Software/OS:
SenNet Optimal DataLogger appliance
SenNet Solar DataLogger appliance
SenNet Multitask Meter

Solution:
Vendor has released a fix.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Copyright: This script is Copyright (C) 2017 Greenbone Networks GmbH

© 1998-2024 E-Soft Inc. All rights reserved.