Vulnerability Details CVE-2016-1560
ExaGrid appliances with firmware before 4.8 P26 have a default password of (1) inflection for the root shell account and (2) support for the support account in the web interface, which allows remote attackers to obtain administrative access via an SSH or HTTP session.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.817
EPSS Ranking 99.1%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
- http://packetstormsecurity.com/files/136634/ExaGrid-Known-SSH-Key-Default-Password.html
- http://www.rapid7.com/db/modules/exploit/linux/ssh/exagrid_known_privkey
- https://community.rapid7.com/community/infosec/blog/2016/04/07/r7-2016-04-exagrid-backdoor-ssh-keys-and-hardcoded-credentials
- http://packetstormsecurity.com/files/136634/ExaGrid-Known-SSH-Key-Default-Password.html
- http://www.rapid7.com/db/modules/exploit/linux/ssh/exagrid_known_privkey
- https://community.rapid7.com/community/infosec/blog/2016/04/07/r7-2016-04-exagrid-backdoor-ssh-keys-and-hardcoded-credentials
Products affected by CVE-2016-1560
-
cpe:2.3:h:exagrid:ex10000e:-
-
cpe:2.3:h:exagrid:ex13000e:-
-
cpe:2.3:h:exagrid:ex21000e:-
-
cpe:2.3:h:exagrid:ex3000:-
-
cpe:2.3:h:exagrid:ex32000e:-
-
cpe:2.3:h:exagrid:ex40000e:-
-
cpe:2.3:h:exagrid:ex5000:-
-
cpe:2.3:h:exagrid:ex7000:-
-
cpe:2.3:o:exagrid:ex10000e_firmware:4.8
-
cpe:2.3:o:exagrid:ex13000e_firmware:4.8
-
cpe:2.3:o:exagrid:ex21000e_firmware:4.8
-
cpe:2.3:o:exagrid:ex3000_firmware:4.8
-
cpe:2.3:o:exagrid:ex32000e_firmware:4.8
-
cpe:2.3:o:exagrid:ex40000e_firmware:4.8
-
cpe:2.3:o:exagrid:ex5000_firmware:4.8
-
cpe:2.3:o:exagrid:ex7000_firmware:4.8