var-201704-0308
Vulnerability from variot
ExaGrid appliances with firmware before 4.8 P26 have a default password of (1) inflection for the root shell account and (2) support for the support account in the web interface, which allows remote attackers to obtain administrative access via an SSH or HTTP session. ExaGrid is prone to multiple unauthorized-access vulnerabilities. Successfully exploiting these issues may allow an attacker to gain unauthorized access, obtain sensitive information and perform unauthorized actions; This may lead to other attacks. ExaGrid is a backup and recovery storage device based on the Linux platform of ExaGrid Company of the United States that provides deduplication function. ExaGrid appliances using firmware versions prior to 4.8 P26 have a security vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0308",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ex10000e",
"scope": "eq",
"trust": 2.4,
"vendor": "exagrid",
"version": "4.8"
},
{
"model": "ex13000e",
"scope": "eq",
"trust": 2.4,
"vendor": "exagrid",
"version": "4.8"
},
{
"model": "ex21000e",
"scope": "eq",
"trust": 2.4,
"vendor": "exagrid",
"version": "4.8"
},
{
"model": "ex3000",
"scope": "eq",
"trust": 2.4,
"vendor": "exagrid",
"version": "4.8"
},
{
"model": "ex32000e",
"scope": "eq",
"trust": 2.4,
"vendor": "exagrid",
"version": "4.8"
},
{
"model": "ex40000e",
"scope": "eq",
"trust": 2.4,
"vendor": "exagrid",
"version": "4.8"
},
{
"model": "ex5000",
"scope": "eq",
"trust": 2.4,
"vendor": "exagrid",
"version": "4.8"
},
{
"model": "ex7000",
"scope": "eq",
"trust": 2.4,
"vendor": "exagrid",
"version": "4.8"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008502"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-168"
},
{
"db": "NVD",
"id": "CVE-2016-1560"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:exagrid:ex10000e_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:exagrid:ex13000e_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:exagrid:ex21000e_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:exagrid:ex3000_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:exagrid:ex32000e_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:exagrid:ex40000e_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:exagrid:ex5000_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:exagrid:ex7000_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008502"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "egypt",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-168"
}
],
"trust": 0.6
},
"cve": "CVE-2016-1560",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-1560",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-90379",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-1560",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-1560",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2016-1560",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-201604-168",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-90379",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-1560",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90379"
},
{
"db": "VULMON",
"id": "CVE-2016-1560"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008502"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-168"
},
{
"db": "NVD",
"id": "CVE-2016-1560"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ExaGrid appliances with firmware before 4.8 P26 have a default password of (1) inflection for the root shell account and (2) support for the support account in the web interface, which allows remote attackers to obtain administrative access via an SSH or HTTP session. ExaGrid is prone to multiple unauthorized-access vulnerabilities. \nSuccessfully exploiting these issues may allow an attacker to gain unauthorized access, obtain sensitive information and perform unauthorized actions; This may lead to other attacks. ExaGrid is a backup and recovery storage device based on the Linux platform of ExaGrid Company of the United States that provides deduplication function. ExaGrid appliances using firmware versions prior to 4.8 P26 have a security vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1560"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008502"
},
{
"db": "BID",
"id": "86020"
},
{
"db": "VULHUB",
"id": "VHN-90379"
},
{
"db": "VULMON",
"id": "CVE-2016-1560"
}
],
"trust": 2.07
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-90379",
"trust": 0.1,
"type": "unknown"
},
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=41680",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90379"
},
{
"db": "VULMON",
"id": "CVE-2016-1560"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-1560",
"trust": 2.9
},
{
"db": "PACKETSTORM",
"id": "136634",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008502",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201604-168",
"trust": 0.7
},
{
"db": "BID",
"id": "86020",
"trust": 0.4
},
{
"db": "EXPLOIT-DB",
"id": "41680",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-90379",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-1560",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90379"
},
{
"db": "VULMON",
"id": "CVE-2016-1560"
},
{
"db": "BID",
"id": "86020"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008502"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-168"
},
{
"db": "NVD",
"id": "CVE-2016-1560"
}
]
},
"id": "VAR-201704-0308",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-90379"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:01:11.817000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.exagrid.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008502"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90379"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008502"
},
{
"db": "NVD",
"id": "CVE-2016-1560"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://packetstormsecurity.com/files/136634/exagrid-known-ssh-key-default-password.html"
},
{
"trust": 1.9,
"url": "http://www.rapid7.com/db/modules/exploit/linux/ssh/exagrid_known_privkey"
},
{
"trust": 1.8,
"url": "https://community.rapid7.com/community/infosec/blog/2016/04/07/r7-2016-04-exagrid-backdoor-ssh-keys-and-hardcoded-credentials"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1560"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1560"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/798.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/86020"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/41680/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90379"
},
{
"db": "VULMON",
"id": "CVE-2016-1560"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008502"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-168"
},
{
"db": "NVD",
"id": "CVE-2016-1560"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-90379"
},
{
"db": "VULMON",
"id": "CVE-2016-1560"
},
{
"db": "BID",
"id": "86020"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008502"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-168"
},
{
"db": "NVD",
"id": "CVE-2016-1560"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-21T00:00:00",
"db": "VULHUB",
"id": "VHN-90379"
},
{
"date": "2017-04-21T00:00:00",
"db": "VULMON",
"id": "CVE-2016-1560"
},
{
"date": "2016-04-06T00:00:00",
"db": "BID",
"id": "86020"
},
{
"date": "2017-05-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008502"
},
{
"date": "2016-04-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-168"
},
{
"date": "2017-04-21T20:59:00.447000",
"db": "NVD",
"id": "CVE-2016-1560"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-27T00:00:00",
"db": "VULHUB",
"id": "VHN-90379"
},
{
"date": "2017-04-27T00:00:00",
"db": "VULMON",
"id": "CVE-2016-1560"
},
{
"date": "2016-04-06T00:00:00",
"db": "BID",
"id": "86020"
},
{
"date": "2017-05-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008502"
},
{
"date": "2017-04-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-168"
},
{
"date": "2024-11-21T02:46:38.407000",
"db": "NVD",
"id": "CVE-2016-1560"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-168"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ExaGrid Vulnerabilities that can gain management access in appliance firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008502"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-168"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.