CVE-2016-1560

Published on: 04/21/2017 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:04 PM UTC

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Certain versions of Ex10000e from Exagrid contain the following vulnerability:

ExaGrid appliances with firmware before 4.8 P26 have a default password of (1) inflection for the root shell account and (2) support for the support account in the web interface, which allows remote attackers to obtain administrative access via an SSH or HTTP session.

  • CVE-2016-1560 has been assigned by [email protected] to track the vulnerability - currently rated as CRITICAL severity.

CVSS3 Score: 9.8 - CRITICAL

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

CVSS2 Score: 10 - HIGH

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE

CVE References

  • R7-2016-04: Exagrid Backdoor SSH Keys and Hardc... | Rapid7 Community and Blog
    Tags: Exploit, Mitigation, Third Party Advisory
    Link (MISC): community.rapid7.com/community/infosec/blog/2016/04/07/r7-2016-04-exagrid-backdoor-ssh-keys-and-hardcoded-credentials
  • ExaGrid Known SSH Key / Default Password ≈ Packet Storm
    Tags: Exploit, Third Party Advisory, VDB Entry
    Link (MISC): packetstormsecurity.com/files/136634/ExaGrid-Known-SSH-Key-Default-Password.html
  • ExaGrid Known SSH Key and Default Password
    Tags: Third Party Advisory
    Link (MISC): www.rapid7.com/db/modules/exploit/linux/ssh/exagrid_known_privkey

Known Affected Configurations (CPE V2.3)

Type              Vendor   Product            Version  Update  Edition  Language
Hardware          Exagrid  Ex10000e           -        All     All      All
Operating System  Exagrid  Ex10000e Firmware  4.8      All     All      All
Hardware          Exagrid  Ex13000e           -        All     All      All
Operating System  Exagrid  Ex13000e Firmware  4.8      All     All      All
Hardware          Exagrid  Ex21000e           -        All     All      All
Operating System  Exagrid  Ex21000e Firmware  4.8      All     All      All
Hardware          Exagrid  Ex3000             -        All     All      All
Operating System  Exagrid  Ex3000 Firmware    4.8      All     All      All
Hardware          Exagrid  Ex32000e           -        All     All      All
Operating System  Exagrid  Ex32000e Firmware  4.8      All     All      All
Hardware          Exagrid  Ex40000e           -        All     All      All
Operating System  Exagrid  Ex40000e Firmware  4.8      All     All      All
Hardware          Exagrid  Ex5000             -        All     All      All
Operating System  Exagrid  Ex5000 Firmware    4.8      All     All      All
Hardware          Exagrid  Ex7000             -        All     All      All
Operating System  Exagrid  Ex7000 Firmware    4.8      All     All      All

  • cpe:2.3:h:exagrid:ex10000e:-:*:*:*:*:*:*:*
  • cpe:2.3:o:exagrid:ex10000e_firmware:4.8:*:*:*:*:*:*:*
  • cpe:2.3:h:exagrid:ex13000e:-:*:*:*:*:*:*:*
  • cpe:2.3:o:exagrid:ex13000e_firmware:4.8:*:*:*:*:*:*:*
  • cpe:2.3:h:exagrid:ex21000e:-:*:*:*:*:*:*:*
  • cpe:2.3:o:exagrid:ex21000e_firmware:4.8:*:*:*:*:*:*:*
  • cpe:2.3:h:exagrid:ex3000:-:*:*:*:*:*:*:*
  • cpe:2.3:o:exagrid:ex3000_firmware:4.8:*:*:*:*:*:*:*
  • cpe:2.3:h:exagrid:ex32000e:-:*:*:*:*:*:*:*
  • cpe:2.3:o:exagrid:ex32000e_firmware:4.8:*:*:*:*:*:*:*
  • cpe:2.3:h:exagrid:ex40000e:-:*:*:*:*:*:*:*
  • cpe:2.3:o:exagrid:ex40000e_firmware:4.8:*:*:*:*:*:*:*
  • cpe:2.3:h:exagrid:ex5000:-:*:*:*:*:*:*:*
  • cpe:2.3:o:exagrid:ex5000_firmware:4.8:*:*:*:*:*:*:*
  • cpe:2.3:h:exagrid:ex7000:-:*:*:*:*:*:*:*
  • cpe:2.3:o:exagrid:ex7000_firmware:4.8:*:*:*:*:*:*:*