ID CVE-2016-2362
Summary Fonality (previously trixbox Pro) 12.6 through 14.1i before 2016-06-01 has a hardcoded password for the FTP account, which allows remote attackers to obtain access via a (1) FTP or (2) SSH connection. CWE-798: Use of Hard-coded Credentials (http://cwe.mitre.org/data/definitions/798.html)
References
Vulnerable Configurations
  • cpe:2.3:a:fonality:fonality:12.6:*:*:*:*:*:*:*
  • cpe:2.3:a:fonality:fonality:12.8:*:*:*:*:*:*:*
  • cpe:2.3:a:fonality:fonality:14.1i:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 21-06-2016 - 19:00)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
refmap via4
cert-vn VU#754056
Last major update 21-06-2016 - 19:00
Published 20-06-2016 - 01:59
Last modified 21-06-2016 - 19:00