ID CVE-2015-8362
Summary The setUpSubtleUserAccount function in /bin/bw on Harman AMX devices before 2015-10-12 has a hardcoded password for the BlackWidow account, which makes it easier for remote attackers to obtain access via a (1) SSH or (2) HTTP session, a different vulnerability than CVE-2016-1984.
References
Vulnerable Configurations
  • cpe:2.3:o:harman:amx_firmware:1.2.322:*:*:*:*:*:*:*
    cpe:2.3:o:harman:amx_firmware:1.2.322:*:*:*:*:*:*:*
  • cpe:2.3:o:harman:amx_firmware:1.3.100:*:*:*:*:*:*:*
    cpe:2.3:o:harman:amx_firmware:1.3.100:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 09-10-2018 - 19:58)
Impact:
Exploitability:
CWE CWE-255
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
refmap via4
bid 81545
bugtraq 20160121 SEC Consult SA-20160121-0 :: Deliberately hidden backdoor account in AMX (Harman Professional) devices
cert-vn VU#992624
confirm
fulldisc 20160121 SEC Consult SA-20160121-0 :: Deliberately hidden backdoor account in AMX (Harman Professional) devices
misc
Last major update 09-10-2018 - 19:58
Published 22-01-2016 - 11:59
Last modified 09-10-2018 - 19:58
Back to Top