CVE-2019-17584

Sažetak

The Meinberg SyncBox/PTP/PTPv2 devices have default SSH keys which allow attackers to get root access to the devices. All firmware versions up to v5.34o, v5.34s, v5.32* or 5.34g are affected. The private key is also used in an internal interface of another Meinberg Device and can be extracted from a firmware update of this device. An update to fix the vulnerability was published by the vendor.

Reference

https://w1n73r.de/CVE/2019/17584/
https://www.meinbergglobal.com/english/news/meinberg-security-advisory-mbgsa-1904-syncbox-ptp-ptpv2.htm

CVSS

Base:	8.5
Impact:	10.0
Exploitability:	6.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:M/Au:S/C:C/I:C/A:C

Zadnje važnije ažuriranje

29-01-2020 - 17:52

Objavljeno

21-01-2020 - 20:15