CVE-2016-1561

ExaGrid appliances with firmware before 4.8 P26 have a default SSH public key in the authorized_keys file for root, which allows remote attackers to obtain SSH access by leveraging knowledge of a private key from another installation or a firmware image.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:exagrid:ex3000_firmware:4.8:*:*:*:*:*:*:*
cpe:2.3:h:exagrid:ex3000:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:exagrid:ex5000_firmware:4.8:*:*:*:*:*:*:*
cpe:2.3:h:exagrid:ex5000:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:exagrid:ex7000_firmware:4.8:*:*:*:*:*:*:*
cpe:2.3:h:exagrid:ex7000:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:exagrid:ex10000e_firmware:4.8:*:*:*:*:*:*:*
cpe:2.3:h:exagrid:ex10000e:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:exagrid:ex13000e_firmware:4.8:*:*:*:*:*:*:*
cpe:2.3:h:exagrid:ex13000e:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:exagrid:ex21000e_firmware:4.8:*:*:*:*:*:*:*
cpe:2.3:h:exagrid:ex21000e:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:exagrid:ex32000e_firmware:4.8:*:*:*:*:*:*:*
cpe:2.3:h:exagrid:ex32000e:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:exagrid:ex40000e_firmware:4.8:*:*:*:*:*:*:*
cpe:2.3:h:exagrid:ex40000e:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-04-21 20:59

Updated : 2024-02-28 15:44


NVD link : CVE-2016-1561

Mitre link : CVE-2016-1561

CVE.ORG link : CVE-2016-1561


JSON object : View

Products Affected

exagrid

  • ex10000e
  • ex5000_firmware
  • ex40000e_firmware
  • ex7000_firmware
  • ex3000
  • ex7000
  • ex13000e
  • ex32000e
  • ex13000e_firmware
  • ex40000e
  • ex10000e_firmware
  • ex5000
  • ex32000e_firmware
  • ex3000_firmware
  • ex21000e_firmware
  • ex21000e
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor