CVE-2012-4702

360 Systems Maxx, Image Server Maxx, and Image Server 2000 have a hardcoded password for the root account, which makes it easier for remote attackers to execute arbitrary code, or modify video content or scheduling, via an SSH session.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://ics-cert.us-cert.gov/pdf/ICSA-13-038-01A.pdf	US Government Resource
http://ics-cert.us-cert.gov/pdf/ICSA-13-038-01A.pdf	US Government Resource

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:360systems:image_server_2000:-:::::::*
	cpe:2.3:o:360systems:image_server_maxx:-:::::::*
	cpe:2.3:o:360systems:maxx:-:::::::*

History

21 Nov 2024, 01:43

Type	Values Removed	Values Added
References	~~() http://ics-cert.us-cert.gov/pdf/ICSA-13-038-01A.pdf - US Government Resource~~	() http://ics-cert.us-cert.gov/pdf/ICSA-13-038-01A.pdf - US Government Resource

Information

Published : 2013-03-11 17:55

Updated : 2024-11-21 01:43

NVD link : CVE-2012-4702

Mitre link : CVE-2012-4702

CVE.ORG link : CVE-2012-4702

JSON object : View

Products Affected

360systems

image_server_2000
image_server_maxx
maxx

CWE

CWE-255

Credentials Management Errors

{"id": "CVE-2012-4702", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-03-11T17:55:01.793", "references": [{"url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-038-01A.pdf", "tags": ["US Government Resource"], "source": "ics-cert@hq.dhs.gov"}, {"url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-038-01A.pdf", "tags": ["US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-255"}]}], "descriptions": [{"lang": "en", "value": "360 Systems Maxx, Image Server Maxx, and Image Server 2000 have a hardcoded password for the root account, which makes it easier for remote attackers to execute arbitrary code, or modify video content or scheduling, via an SSH session."}, {"lang": "es", "value": "360 Systems Maxx, Image Server Maxx, y el Image Server 2000 tiene una contrase\u00f1a codificada para la cuenta de root, lo que hace que sea m\u00e1s f\u00e1cil para los atacantes remotos ejecutar c\u00f3digo arbitrario o modificar el contenido de v\u00eddeo o la programaci\u00f3n, a trav\u00e9s de una sesi\u00f3n SSH."}], "lastModified": "2024-11-21T01:43:23.007", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:360systems:image_server_2000:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3C68DD2F-EC97-4C8A-A650-A75F6D650519"}, {"criteria": "cpe:2.3:o:360systems:image_server_maxx:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "93ADDFCF-6422-4232-80CF-AB608E171056"}, {"criteria": "cpe:2.3:o:360systems:maxx:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D606C55-B5C8-4BC7-B12A-09D207C9A13C"}], "operator": "OR"}]}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}