var-201704-0309
Vulnerability from variot
ExaGrid appliances with firmware before 4.8 P26 have a default SSH public key in the authorized_keys file for root, which allows remote attackers to obtain SSH access by leveraging knowledge of a private key from another installation or a firmware image. ExaGrid is prone to multiple unauthorized-access vulnerabilities. Successfully exploiting these issues may allow an attacker to gain unauthorized access, obtain sensitive information and perform unauthorized actions; This may lead to other attacks. ExaGrid is a backup and recovery storage device based on the Linux platform of ExaGrid Company of the United States that provides deduplication function. ExaGrid appliances using firmware versions prior to 4.8 P26 have a security vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0309",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ex10000e",
"scope": "eq",
"trust": 2.4,
"vendor": "exagrid",
"version": "4.8"
},
{
"model": "ex13000e",
"scope": "eq",
"trust": 2.4,
"vendor": "exagrid",
"version": "4.8"
},
{
"model": "ex21000e",
"scope": "eq",
"trust": 2.4,
"vendor": "exagrid",
"version": "4.8"
},
{
"model": "ex3000",
"scope": "eq",
"trust": 2.4,
"vendor": "exagrid",
"version": "4.8"
},
{
"model": "ex32000e",
"scope": "eq",
"trust": 2.4,
"vendor": "exagrid",
"version": "4.8"
},
{
"model": "ex40000e",
"scope": "eq",
"trust": 2.4,
"vendor": "exagrid",
"version": "4.8"
},
{
"model": "ex5000",
"scope": "eq",
"trust": 2.4,
"vendor": "exagrid",
"version": "4.8"
},
{
"model": "ex7000",
"scope": "eq",
"trust": 2.4,
"vendor": "exagrid",
"version": "4.8"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008503"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-169"
},
{
"db": "NVD",
"id": "CVE-2016-1561"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:exagrid:ex10000e_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:exagrid:ex13000e_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:exagrid:ex21000e_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:exagrid:ex3000_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:exagrid:ex32000e_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:exagrid:ex40000e_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:exagrid:ex5000_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:exagrid:ex7000_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008503"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "egypt",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-169"
}
],
"trust": 0.6
},
"cve": "CVE-2016-1561",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2016-1561",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-90380",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-1561",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-1561",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-1561",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201604-169",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-90380",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2016-1561",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90380"
},
{
"db": "VULMON",
"id": "CVE-2016-1561"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008503"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-169"
},
{
"db": "NVD",
"id": "CVE-2016-1561"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ExaGrid appliances with firmware before 4.8 P26 have a default SSH public key in the authorized_keys file for root, which allows remote attackers to obtain SSH access by leveraging knowledge of a private key from another installation or a firmware image. ExaGrid is prone to multiple unauthorized-access vulnerabilities. \nSuccessfully exploiting these issues may allow an attacker to gain unauthorized access, obtain sensitive information and perform unauthorized actions; This may lead to other attacks. ExaGrid is a backup and recovery storage device based on the Linux platform of ExaGrid Company of the United States that provides deduplication function. ExaGrid appliances using firmware versions prior to 4.8 P26 have a security vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1561"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008503"
},
{
"db": "BID",
"id": "86020"
},
{
"db": "VULHUB",
"id": "VHN-90380"
},
{
"db": "VULMON",
"id": "CVE-2016-1561"
}
],
"trust": 2.07
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-90380",
"trust": 0.1,
"type": "unknown"
},
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=41680",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90380"
},
{
"db": "VULMON",
"id": "CVE-2016-1561"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-1561",
"trust": 2.9
},
{
"db": "PACKETSTORM",
"id": "136634",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008503",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201604-169",
"trust": 0.7
},
{
"db": "BID",
"id": "86020",
"trust": 0.4
},
{
"db": "EXPLOIT-DB",
"id": "41680",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-90380",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-1561",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90380"
},
{
"db": "VULMON",
"id": "CVE-2016-1561"
},
{
"db": "BID",
"id": "86020"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008503"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-169"
},
{
"db": "NVD",
"id": "CVE-2016-1561"
}
]
},
"id": "VAR-201704-0309",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-90380"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:01:11.859000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.exagrid.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008503"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90380"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008503"
},
{
"db": "NVD",
"id": "CVE-2016-1561"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://packetstormsecurity.com/files/136634/exagrid-known-ssh-key-default-password.html"
},
{
"trust": 1.9,
"url": "http://www.rapid7.com/db/modules/exploit/linux/ssh/exagrid_known_privkey"
},
{
"trust": 1.8,
"url": "https://community.rapid7.com/community/infosec/blog/2016/04/07/r7-2016-04-exagrid-backdoor-ssh-keys-and-hardcoded-credentials"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1561"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1561"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/200.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/86020"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/41680/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90380"
},
{
"db": "VULMON",
"id": "CVE-2016-1561"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008503"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-169"
},
{
"db": "NVD",
"id": "CVE-2016-1561"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-90380"
},
{
"db": "VULMON",
"id": "CVE-2016-1561"
},
{
"db": "BID",
"id": "86020"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008503"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-169"
},
{
"db": "NVD",
"id": "CVE-2016-1561"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-21T00:00:00",
"db": "VULHUB",
"id": "VHN-90380"
},
{
"date": "2017-04-21T00:00:00",
"db": "VULMON",
"id": "CVE-2016-1561"
},
{
"date": "2016-04-06T00:00:00",
"db": "BID",
"id": "86020"
},
{
"date": "2017-05-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008503"
},
{
"date": "2016-04-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-169"
},
{
"date": "2017-04-21T20:59:00.477000",
"db": "NVD",
"id": "CVE-2016-1561"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-27T00:00:00",
"db": "VULHUB",
"id": "VHN-90380"
},
{
"date": "2017-04-27T00:00:00",
"db": "VULMON",
"id": "CVE-2016-1561"
},
{
"date": "2016-04-06T00:00:00",
"db": "BID",
"id": "86020"
},
{
"date": "2017-05-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008503"
},
{
"date": "2017-04-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-169"
},
{
"date": "2024-11-21T02:46:38.530000",
"db": "NVD",
"id": "CVE-2016-1561"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-169"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ExaGrid In the appliance firmware SSH Vulnerability for which access rights are acquired",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008503"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-169"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.