Vulnerability Details CVE-2019-17584
The Meinberg SyncBox/PTP/PTPv2 devices have default SSH keys which allow attackers to get root access to the devices. All firmware versions up to v5.34o, v5.34s, v5.32* or 5.34g are affected. The private key is also used in an internal interface of another Meinberg Device and can be extracted from a firmware update of this device. An update to fix the vulnerability was published by the vendor.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 70.4%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 8.5
References
Products affected by CVE-2019-17584
-
cpe:2.3:h:meinbergglobal:syncbox/ptpv2:-
-
cpe:2.3:o:meinbergglobal:syncbox/ptpv2_firmware:-
-
cpe:2.3:o:meinbergglobal:syncbox/ptpv2_firmware:5.32
-
cpe:2.3:o:meinbergglobal:syncbox/ptpv2_firmware:5.34g
-
cpe:2.3:o:meinbergglobal:syncbox/ptpv2_firmware:5.34o