Published: 21/04/2017 Updated: 27/04/2017

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 1000

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

ExaGrid appliances with firmware prior to 4.8 P26 have a default password of (1) inflection for the root shell account and (2) support for the support account in the web interface, which allows remote malicious users to obtain administrative access via an SSH or HTTP session.

Vulnerable Product	Search on Vulmon	Subscribe to Product
exagrid ex3000_firmware 4.8
exagrid ex5000_firmware 4.8
exagrid ex7000_firmware 4.8
exagrid ex10000e_firmware 4.8
exagrid ex13000e_firmware 4.8
exagrid ex21000e_firmware 4.8
exagrid ex32000e_firmware 4.8
exagrid ex40000e_firmware 4.8

## # This module requires Metasploit: metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## require 'msf/core' require 'net/ssh' class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Auxiliary::Report include Msf::Exploit::Remote::SSH def initialize(info = {}) ...

CWE-798 https://community.rapid7.com/community/infosec/blog/2016/04/07/r7-2016-04-exagrid-backdoor-ssh-keys-and-hardcoded-credentials http://www.rapid7.com/db/modules/exploit/linux/ssh/exagrid_known_privkey http://packetstormsecurity.com/files/136634/ExaGrid-Known-SSH-Key-Default-Password.html https://nvd.nist.gov https://www.exploit-db.com/exploits/41680/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2016-1560

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect