ID de Prueba:	1.3.6.1.4.1.25623.1.0.140246
Categoría:	Gain a shell remotely
Título:	SenNet Data Logger Appliances and Electricity Meters Multiple Vulnerabilities
Resumen:	The remote SenNet Appliances is affected by multiple vulnerabilities.
Descripción:	Summary: The remote SenNet Appliances is affected by multiple vulnerabilities. Vulnerability Insight: Vulnerability Details 1. No access control on the remote shell The appliance runs ARM as underlying OS. Telnet access is enabled on TCP port 5000. There is no authentication required for accessing and connecting the remote shell. Any user can connect to the shell and issue commands. 2. Shell services running with excessive privileges (superuser) The service runs with superuser root privileges, thus giving privileged access to any user, without any authentication (exploited via OS Command Injection described nexe). 3. OS Command Injection The remote shell (attempts to) offer a restricted environment, and does not allow executing system commands. However, it is possible to break out of this jailed shell by chaining specific shell meta-characters and OS commands. The service / application is run as 'root' and OS command injection results in full system access. Affected Software/OS: SenNet Optimal DataLogger appliance SenNet Solar DataLogger appliance SenNet Multitask Meter Solution: Vendor has released a fix. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Copyright	Copyright (C) 2017 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.