Vulnerability Details : CVE-2012-4577
The Linux firmware image on (1) Korenix Jetport 5600 series serial-device servers and (2) ORing Industrial DIN-Rail serial-device servers has a hardcoded password of "password" for the root account, which allows remote attackers to obtain administrative access via an SSH session.
Exploit prediction scoring system (EPSS) score for CVE-2012-4577
Probability of exploitation activity in the next 30 days: 1.06%
Percentile, the proportion of vulnerabilities that are scored at or less: ~82%
CVSS scores for CVE-2012-4577
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST |
CWE ids for CVE-2012-4577
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-4577
- http://www.securityfocus.com/bid/55196
  Korenix Jetport 5600 Series Default Credentials Authentication Bypass Vulnerability
- http://ics-cert.us-cert.gov/advisories/ICSA-12-263-02
  ORing Industrial Networking IDS-5042/5042+ Hard-Coded Credential Vulnerability | CISA
- http://ics-cert.us-cert.gov/advisories/ICSA-12-297-02
  Korenix Jetport 5600 Series Hard-coded Credentials | CISA
- http://www.digitalbond.com/2012/06/13/korenix-and-oring-insecurity
  Digital Bond Archives - Dale Peterson ICS Security Expert
- https://exchange.xforce.ibmcloud.com/vulnerabilities/77992
  Korenix Jetport 5600 series default password CVE-2012-4577 Vulnerability Report
Products affected by CVE-2012-4577
- cpe:2.3:h:korenix:jetport:5601:*:*:*:*:*:*:*
- cpe:2.3:h:korenix:jetport:5601f:*:*:*:*:*:*:*
- cpe:2.3:h:korenix:jetport:5604:*:*:*:*:*:*:*
- cpe:2.3:h:korenix:jetport:5604i:*:*:*:*:*:*:*