Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
8 vulnerabilities by ceragon
VAR-201703-0104
Vulnerability from variot - Updated: 2023-12-18 14:05In the GUI of Ceragon FibeAir IP-10 (before 7.2.0) devices, a remote attacker can bypass authentication by adding an ALBATROSS cookie with the value 0-4-11 to their browser. Ceragon FibeAir IP-10 of GUI Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. Ceragon FibeAir IP-10 is a wireless microwave transmission device from Israel's Ceragon. An authentication bypass vulnerability exists in Ceragon FibeAir IP-10 versions prior to 7.2.0. An attacker could use this vulnerability to bypass the authentication mechanism and perform unauthorized operations. Ceragon FibeAir IP-10 is prone to an authentication-bypass vulnerability. This may lead to further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201703-0104",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fibeair ip-10",
"scope": "lte",
"trust": 1.0,
"vendor": "ceragon",
"version": "7.1.0"
},
{
"model": "fibeair ip-10",
"scope": "lt",
"trust": 0.8,
"vendor": "ceragon",
"version": "7.2.0"
},
{
"model": "fiberair ip-10",
"scope": "lt",
"trust": 0.6,
"vendor": "ceragon",
"version": "7.2.0"
},
{
"model": "fibeair ip-10",
"scope": "eq",
"trust": 0.6,
"vendor": "ceragon",
"version": "7.1.0"
},
{
"model": "fibeair ip-10",
"scope": "eq",
"trust": 0.3,
"vendor": "ceragon",
"version": "0"
},
{
"model": "fibeair ip-10",
"scope": "ne",
"trust": 0.3,
"vendor": "ceragon",
"version": "7.2.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-05104"
},
{
"db": "BID",
"id": "91263"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008200"
},
{
"db": "NVD",
"id": "CVE-2016-10309"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1390"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:ceragon:fibeair_ip-10_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.1.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:ceragon:fibeair_ip-10:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-10309"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ian Ling",
"sources": [
{
"db": "BID",
"id": "91263"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-478"
}
],
"trust": 0.9
},
"cve": "CVE-2016-10309",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-10309",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-05104",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-89072",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-10309",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-10309",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2016-05104",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201703-1390",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-89072",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-05104"
},
{
"db": "VULHUB",
"id": "VHN-89072"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008200"
},
{
"db": "NVD",
"id": "CVE-2016-10309"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1390"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In the GUI of Ceragon FibeAir IP-10 (before 7.2.0) devices, a remote attacker can bypass authentication by adding an ALBATROSS cookie with the value 0-4-11 to their browser. Ceragon FibeAir IP-10 of GUI Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. Ceragon FibeAir IP-10 is a wireless microwave transmission device from Israel\u0027s Ceragon. \nAn authentication bypass vulnerability exists in Ceragon FibeAir IP-10 versions prior to 7.2.0. An attacker could use this vulnerability to bypass the authentication mechanism and perform unauthorized operations. Ceragon FibeAir IP-10 is prone to an authentication-bypass vulnerability. This may lead to further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-10309"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008200"
},
{
"db": "CNVD",
"id": "CNVD-2016-05104"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-478"
},
{
"db": "BID",
"id": "91263"
},
{
"db": "VULHUB",
"id": "VHN-89072"
}
],
"trust": 3.06
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-10309",
"trust": 2.8
},
{
"db": "BID",
"id": "91263",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008200",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1390",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-05104",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201607-478",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-89072",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-05104"
},
{
"db": "VULHUB",
"id": "VHN-89072"
},
{
"db": "BID",
"id": "91263"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008200"
},
{
"db": "NVD",
"id": "CVE-2016-10309"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-478"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1390"
}
]
},
"id": "VAR-201703-0104",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-05104"
},
{
"db": "VULHUB",
"id": "VHN-89072"
}
],
"trust": 1.45
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-05104"
}
]
},
"last_update_date": "2023-12-18T14:05:50.781000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FibeAir IP-20 Platform",
"trust": 0.8,
"url": "https://www.ceragon.com/products/fibeair-ip-20-platform/"
},
{
"title": "CeragonFibeAirIP-10 authentication bypass vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/79410"
},
{
"title": "Ceragon FibeAir IP-10 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=68892"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-05104"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008200"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1390"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-89072"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008200"
},
{
"db": "NVD",
"id": "CVE-2016-10309"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/91263"
},
{
"trust": 1.7,
"url": "http://blog.iancaling.com/post/145973147383"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-10309"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-10309"
},
{
"trust": 0.8,
"url": "http://blog.iancaling.com/post/145973147383/authentication-bypass-in-ceragon-fibeair-ip-10-web"
},
{
"trust": 0.6,
"url": "https://www.ceragon.com/"
},
{
"trust": 0.3,
"url": "http://seclists.org/fulldisclosure/2016/jun/34"
},
{
"trust": 0.3,
"url": "https://www.ceragon.com/products-ceragon/packet-hybrid-microwave/fibeair-ip-10e"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-05104"
},
{
"db": "VULHUB",
"id": "VHN-89072"
},
{
"db": "BID",
"id": "91263"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008200"
},
{
"db": "NVD",
"id": "CVE-2016-10309"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-478"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1390"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-05104"
},
{
"db": "VULHUB",
"id": "VHN-89072"
},
{
"db": "BID",
"id": "91263"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008200"
},
{
"db": "NVD",
"id": "CVE-2016-10309"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-478"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1390"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-07-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-05104"
},
{
"date": "2017-03-30T00:00:00",
"db": "VULHUB",
"id": "VHN-89072"
},
{
"date": "2016-06-15T00:00:00",
"db": "BID",
"id": "91263"
},
{
"date": "2017-04-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008200"
},
{
"date": "2017-03-30T07:59:00.267000",
"db": "NVD",
"id": "CVE-2016-10309"
},
{
"date": "2016-06-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-478"
},
{
"date": "2017-03-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-1390"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-07-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-05104"
},
{
"date": "2017-04-05T00:00:00",
"db": "VULHUB",
"id": "VHN-89072"
},
{
"date": "2017-04-04T00:03:00",
"db": "BID",
"id": "91263"
},
{
"date": "2017-04-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008200"
},
{
"date": "2017-04-05T01:59:00.267000",
"db": "NVD",
"id": "CVE-2016-10309"
},
{
"date": "2016-07-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-478"
},
{
"date": "2017-03-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-1390"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201607-478"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1390"
}
],
"trust": 1.2
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ceragon FibeAir IP-10 Authentication Bypass Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-05104"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-478"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201607-478"
}
],
"trust": 0.6
}
}
VAR-201705-3845
Vulnerability from variot - Updated: 2023-12-18 13:19Ceragon FibeAir IP-10 wireless radios through 7.2.0 have a default password of mateidu for the mateidu account (a hidden user account established by the vendor). This account can be accessed via both the web interface and SSH. In the web interface, this simply grants an attacker read-only access to the device's settings. However, when using SSH, this gives an attacker access to a Linux shell. NOTE: the vendor has commented "The mateidu user is a known user, which is mentioned in the FibeAir IP-10 User Guide. Customers are instructed to change the mateidu user password. Changing the user password fully solves the vulnerability.". Ceragon FibeAir IP-10 Wireless receivers contain vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. CeragonFibeAirIP-10wirelessradios is a wireless microwave transmission device from Israel's Ceragon. A security vulnerability exists in CeragonFibeAirIP-10wirelessradios7.2.0 and earlier, which originated from the default password in the mateid account
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201705-3845",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fiberair ip-10",
"scope": "lte",
"trust": 1.0,
"vendor": "ceragon",
"version": "7.2.0"
},
{
"model": "fibeair ip-10",
"scope": "lte",
"trust": 0.8,
"vendor": "ceragon",
"version": "7.2.0"
},
{
"model": "fibeair ip-10 wireless radios",
"scope": "lte",
"trust": 0.6,
"vendor": "ceragon",
"version": "\u003c=7.2.0"
},
{
"model": "fiberair ip-10",
"scope": "eq",
"trust": 0.6,
"vendor": "ceragon",
"version": "7.2.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-08177"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004381"
},
{
"db": "NVD",
"id": "CVE-2017-9137"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-917"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:ceragon:fiberair_ip-10_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.2.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9137"
}
]
},
"cve": "CVE-2017-9137",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-9137",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2017-08177",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-117340",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "Low",
"baseScore": 7.3,
"baseSeverity": "High",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2017-9137",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-9137",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-08177",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201705-917",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-117340",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-08177"
},
{
"db": "VULHUB",
"id": "VHN-117340"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004381"
},
{
"db": "NVD",
"id": "CVE-2017-9137"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-917"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ceragon FibeAir IP-10 wireless radios through 7.2.0 have a default password of mateidu for the mateidu account (a hidden user account established by the vendor). This account can be accessed via both the web interface and SSH. In the web interface, this simply grants an attacker read-only access to the device\u0027s settings. However, when using SSH, this gives an attacker access to a Linux shell. NOTE: the vendor has commented \"The mateidu user is a known user, which is mentioned in the FibeAir IP-10 User Guide. Customers are instructed to change the mateidu user password. Changing the user password fully solves the vulnerability.\". Ceragon FibeAir IP-10 Wireless receivers contain vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. CeragonFibeAirIP-10wirelessradios is a wireless microwave transmission device from Israel\u0027s Ceragon. A security vulnerability exists in CeragonFibeAirIP-10wirelessradios7.2.0 and earlier, which originated from the default password in the mateid account",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9137"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004381"
},
{
"db": "CNVD",
"id": "CNVD-2017-08177"
},
{
"db": "VULHUB",
"id": "VHN-117340"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-9137",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004381",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201705-917",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-08177",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-117340",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-08177"
},
{
"db": "VULHUB",
"id": "VHN-117340"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004381"
},
{
"db": "NVD",
"id": "CVE-2017-9137"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-917"
}
]
},
"id": "VAR-201705-3845",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-08177"
},
{
"db": "VULHUB",
"id": "VHN-117340"
}
],
"trust": 1.575
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-08177"
}
]
},
"last_update_date": "2023-12-18T13:19:28.838000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FibeAir IP-10",
"trust": 0.8,
"url": "http://www.cbl.cz/pdf/multiplexery-licensovane-pasmo/ceragon-fibeair-ip-10.pdf"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-004381"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-1188",
"trust": 1.0
},
{
"problemtype": "CWE-255",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-117340"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004381"
},
{
"db": "NVD",
"id": "CVE-2017-9137"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://blog.iancaling.com/post/160817658078"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9137"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9137"
},
{
"trust": 0.8,
"url": "http://blog.iancaling.com/post/160817658078/ceragon-fibeair-ip-10-hidden-user-backdoor"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-08177"
},
{
"db": "VULHUB",
"id": "VHN-117340"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004381"
},
{
"db": "NVD",
"id": "CVE-2017-9137"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-917"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-08177"
},
{
"db": "VULHUB",
"id": "VHN-117340"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004381"
},
{
"db": "NVD",
"id": "CVE-2017-9137"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-917"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-08177"
},
{
"date": "2017-05-21T00:00:00",
"db": "VULHUB",
"id": "VHN-117340"
},
{
"date": "2017-06-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-004381"
},
{
"date": "2017-05-21T21:29:00.410000",
"db": "NVD",
"id": "CVE-2017-9137"
},
{
"date": "2017-05-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-917"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-08177"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-117340"
},
{
"date": "2017-06-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-004381"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2017-9137"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-917"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-917"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ceragon FibeAir IP-10 Vulnerabilities related to certificate and password management in wireless receivers",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-004381"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-917"
}
],
"trust": 0.6
}
}
VAR-201706-0182
Vulnerability from variot - Updated: 2023-12-18 13:19Ceragon FibeAir IP-10 have a default SSH public key in the authorized_keys file for the mateidu user, which allows remote attackers to obtain SSH access by leveraging knowledge of the private key. The Ceragon FiberAir IP-10 is a wireless microwave transmission device from Israel's Ceragon. Ceragon FiberAir IP-10 is prone to an information-disclosure vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201706-0182",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fibeair ip-10",
"scope": "eq",
"trust": 1.0,
"vendor": "ceragon",
"version": null
},
{
"model": "fibeair ip-10",
"scope": null,
"trust": 0.8,
"vendor": "ceragon",
"version": null
},
{
"model": "fiberair ip-10",
"scope": null,
"trust": 0.6,
"vendor": "ceragon",
"version": null
},
{
"model": "fiberair ip-10",
"scope": "eq",
"trust": 0.6,
"vendor": "ceragon",
"version": null
},
{
"model": "fibeair ip-10",
"scope": "eq",
"trust": 0.3,
"vendor": "ceragon",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04238"
},
{
"db": "BID",
"id": "73696"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007579"
},
{
"db": "NVD",
"id": "CVE-2015-0936"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-539"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:ceragon:fibeair_ip-10_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:ceragon:fibeair_ip-10c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:ceragon:fibeair_ip-10e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:ceragon:fibeair_ip-10g:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-0936"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HD Moore and Tod Beardsley",
"sources": [
{
"db": "BID",
"id": "73696"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-539"
}
],
"trust": 0.9
},
"cve": "CVE-2015-0936",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2015-0936",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-04238",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-78882",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2015-0936",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-0936",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2015-04238",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201506-539",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-78882",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04238"
},
{
"db": "VULHUB",
"id": "VHN-78882"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007579"
},
{
"db": "NVD",
"id": "CVE-2015-0936"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-539"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ceragon FibeAir IP-10 have a default SSH public key in the authorized_keys file for the mateidu user, which allows remote attackers to obtain SSH access by leveraging knowledge of the private key. The Ceragon FiberAir IP-10 is a wireless microwave transmission device from Israel\u0027s Ceragon. Ceragon FiberAir IP-10 is prone to an information-disclosure vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-0936"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007579"
},
{
"db": "CNVD",
"id": "CNVD-2015-04238"
},
{
"db": "BID",
"id": "73696"
},
{
"db": "VULHUB",
"id": "VHN-78882"
}
],
"trust": 2.52
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-78882",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-78882"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-0936",
"trust": 3.4
},
{
"db": "BID",
"id": "73696",
"trust": 2.6
},
{
"db": "PACKETSTORM",
"id": "131260",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "131259",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007579",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201506-539",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-04238",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "142590",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "41679",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-78882",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04238"
},
{
"db": "VULHUB",
"id": "VHN-78882"
},
{
"db": "BID",
"id": "73696"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007579"
},
{
"db": "NVD",
"id": "CVE-2015-0936"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-539"
}
]
},
"id": "VAR-201706-0182",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04238"
},
{
"db": "VULHUB",
"id": "VHN-78882"
}
],
"trust": 1.45
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04238"
}
]
},
"last_update_date": "2023-12-18T13:19:28.499000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.ceragon.com/"
},
{
"title": "Ceragon FiberAir Fixes for encryption problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=154647"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007579"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-539"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-320",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-78882"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007579"
},
{
"db": "NVD",
"id": "CVE-2015-0936"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://gist.github.com/todb-r7/5d86ecc8118f9eeecc15"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/73696"
},
{
"trust": 2.0,
"url": "http://seclists.org/fulldisclosure/2015/apr/3"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/131259/ceragon-fibeair-ip-10-ssh-private-key-exposure.html"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/131260/ceragon-fibeair-ip-10-ssh-private-key-exposure.html"
},
{
"trust": 1.0,
"url": "https://www.google.com/url?sa=t\u0026rct=j\u0026q=\u0026esrc=s\u0026source=web\u0026cd=2\u0026cad=rja\u0026uact=8\u0026ved=0ahukewjs47sgp47uahvf5iykhygldqkqfggomae\u0026url=https%3a%2f%2fwww.rapid7.com%2fdb%2fmodules%2fexploit%2flinux%2fssh%2fceragon_fibeair_known_privkey\u0026usg=afqjcnfzizcwj47cpqpx-abfpsw0dl4yyw"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0936"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0936"
},
{
"trust": 0.6,
"url": "https%3a%2f%2fwww.rapid7.com%2fdb%2fmodules%2fexploit%2flinux%2fssh%2fceragon_fibeair_known_privkey\u0026usg=afqjcnfzizcwj47cpqpx-abfpsw0dl4yyw"
},
{
"trust": 0.6,
"url": "https://www.google.com/url?sa=t\u0026rct=j\u0026q=\u0026esrc=s\u0026source=web\u0026cd=2\u0026cad=rja\u0026uact=8\u0026ved=0ahukewjs47sgp47uahvf5iykhygldqkqfggomae\u0026url="
},
{
"trust": 0.3,
"url": "http://www.ceragon.com"
},
{
"trust": 0.1,
"url": "https://www.google.com/url?sa=t\u0026amp;rct=j\u0026amp;q=\u0026amp;esrc=s\u0026amp;source=web\u0026amp;cd=2\u0026amp;cad=rja\u0026amp;uact=8\u0026amp;ved=0ahukewjs47sgp47uahvf5iykhygldqkqfggomae\u0026amp;url=https%3a%2f%2fwww.rapid7.com%2fdb%2fmodules%2fexploit%2flinux%2fssh%2fceragon_fibeair_known_privkey\u0026amp;usg=afqjcnfzizcwj47cpqpx-abfpsw0dl4yyw"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04238"
},
{
"db": "VULHUB",
"id": "VHN-78882"
},
{
"db": "BID",
"id": "73696"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007579"
},
{
"db": "NVD",
"id": "CVE-2015-0936"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-539"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-04238"
},
{
"db": "VULHUB",
"id": "VHN-78882"
},
{
"db": "BID",
"id": "73696"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007579"
},
{
"db": "NVD",
"id": "CVE-2015-0936"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-539"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-07-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-04238"
},
{
"date": "2017-06-01T00:00:00",
"db": "VULHUB",
"id": "VHN-78882"
},
{
"date": "2015-04-01T00:00:00",
"db": "BID",
"id": "73696"
},
{
"date": "2017-06-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007579"
},
{
"date": "2017-06-01T16:29:00.200000",
"db": "NVD",
"id": "CVE-2015-0936"
},
{
"date": "2015-04-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201506-539"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-07-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-04238"
},
{
"date": "2017-06-09T00:00:00",
"db": "VULHUB",
"id": "VHN-78882"
},
{
"date": "2015-04-01T00:00:00",
"db": "BID",
"id": "73696"
},
{
"date": "2017-06-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007579"
},
{
"date": "2021-06-17T17:41:56.570000",
"db": "NVD",
"id": "CVE-2015-0936"
},
{
"date": "2021-06-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201506-539"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201506-539"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ceragon FibeAir IP-10 In SSH Vulnerability for which access rights are acquired",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007579"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201506-539"
}
],
"trust": 0.6
}
}
VAR-201501-0735
Vulnerability from variot - Updated: 2023-12-18 13:03Ceragon FibeAir IP-10 bridges have a default password for the root account, which makes it easier for remote attackers to obtain access via a (1) HTTP, (2) SSH, (3) TELNET, or (4) CLI session. Ceragon FiberAir IP-10 Microwave Bridge contains a default root password. CWE-259: Use of Hard-coded Password http://cwe.mitre.org/data/definitions/259.htmlA remote attacker may obtain administrator privileges for the device. The Ceragon FiberAir IP-10 is a wireless microwave device. A security vulnerability exists in Ceragon FiberAir IP-10 hard-coded credentials that allows an attacker to exploit this vulnerability to bypass certain authentication access devices. Ceragon FiberAir IP-10 microwave bridge is prone to a security-bypass vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201501-0735",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fiberair ip-10e",
"scope": "eq",
"trust": 1.6,
"vendor": "ceragon",
"version": null
},
{
"model": "fiberair ip-10g",
"scope": "eq",
"trust": 1.6,
"vendor": "ceragon",
"version": null
},
{
"model": "fiberair ip-10c",
"scope": "eq",
"trust": 1.6,
"vendor": "ceragon",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ceragon",
"version": null
},
{
"model": "fibeair ip-10",
"scope": null,
"trust": 0.8,
"vendor": "ceragon",
"version": null
},
{
"model": "fiberair ip-10",
"scope": null,
"trust": 0.6,
"vendor": "ceragon",
"version": null
},
{
"model": "fibeair ip-10",
"scope": "eq",
"trust": 0.3,
"vendor": "ceragon",
"version": "0"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#936356"
},
{
"db": "CNVD",
"id": "CNVD-2015-00446"
},
{
"db": "BID",
"id": "72107"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001054"
},
{
"db": "NVD",
"id": "CVE-2015-0924"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-375"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:ceragon:fiberair_ip-10g:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:ceragon:fiberair_ip-10c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:ceragon:fiberair_ip-10e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-0924"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jasper Greve",
"sources": [
{
"db": "BID",
"id": "72107"
}
],
"trust": 0.3
},
"cve": "CVE-2015-0924",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT DEFINED",
"baseScore": 10.0,
"collateralDamagePotential": "NOT DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT DEFINED",
"enviromentalScore": 6.8,
"exploitability": "FUNCTIONAL",
"exploitabilityScore": 10.0,
"id": "CVE-2015-0924",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT DEFINED",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "UNAVAILABLE",
"reportConfidence": "UNCORROBORATED",
"severity": "HIGH",
"targetDistribution": "MEDIUM",
"trust": 0.8,
"userInterationRequired": null,
"vector_string": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2015-001054",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-00446",
"impactScore": 6.9,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-0924",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2015-001054",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-00446",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201501-375",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#936356"
},
{
"db": "CNVD",
"id": "CNVD-2015-00446"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001054"
},
{
"db": "NVD",
"id": "CVE-2015-0924"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-375"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ceragon FibeAir IP-10 bridges have a default password for the root account, which makes it easier for remote attackers to obtain access via a (1) HTTP, (2) SSH, (3) TELNET, or (4) CLI session. Ceragon FiberAir IP-10 Microwave Bridge contains a default root password. CWE-259: Use of Hard-coded Password http://cwe.mitre.org/data/definitions/259.htmlA remote attacker may obtain administrator privileges for the device. The Ceragon FiberAir IP-10 is a wireless microwave device. A security vulnerability exists in Ceragon FiberAir IP-10 hard-coded credentials that allows an attacker to exploit this vulnerability to bypass certain authentication access devices. Ceragon FiberAir IP-10 microwave bridge is prone to a security-bypass vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-0924"
},
{
"db": "CERT/CC",
"id": "VU#936356"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001054"
},
{
"db": "CNVD",
"id": "CNVD-2015-00446"
},
{
"db": "BID",
"id": "72107"
}
],
"trust": 3.15
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-0924",
"trust": 4.1
},
{
"db": "CERT/CC",
"id": "VU#936356",
"trust": 3.5
},
{
"db": "BID",
"id": "72107",
"trust": 0.9
},
{
"db": "JVN",
"id": "JVNVU93489463",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001054",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2015-00446",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201501-375",
"trust": 0.6
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#936356"
},
{
"db": "CNVD",
"id": "CNVD-2015-00446"
},
{
"db": "BID",
"id": "72107"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001054"
},
{
"db": "NVD",
"id": "CVE-2015-0924"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-375"
}
]
},
"id": "VAR-201501-0735",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00446"
}
],
"trust": 1.35
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00446"
}
]
},
"last_update_date": "2023-12-18T13:03:28.570000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FibeAirR IP-10C",
"trust": 0.8,
"url": "http://www.ceragon.com/products-ceragon/packet-hybrid-microwave/fibeair-ip-10c"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-001054"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.8
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-001054"
},
{
"db": "NVD",
"id": "CVE-2015-0924"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "http://www.kb.cert.org/vuls/id/936356"
},
{
"trust": 1.4,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0924"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/255.html"
},
{
"trust": 0.8,
"url": "http://www.ceragon.com/products-ceragon/packet-hybrid-microwave/fibeair-ip-10c"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0924"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu93489463/index.html"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/72107"
},
{
"trust": 0.3,
"url": "http://www.ceragon.com"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#936356"
},
{
"db": "CNVD",
"id": "CNVD-2015-00446"
},
{
"db": "BID",
"id": "72107"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001054"
},
{
"db": "NVD",
"id": "CVE-2015-0924"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-375"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#936356"
},
{
"db": "CNVD",
"id": "CNVD-2015-00446"
},
{
"db": "BID",
"id": "72107"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001054"
},
{
"db": "NVD",
"id": "CVE-2015-0924"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-375"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-01-16T00:00:00",
"db": "CERT/CC",
"id": "VU#936356"
},
{
"date": "2015-01-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-00446"
},
{
"date": "2015-01-16T00:00:00",
"db": "BID",
"id": "72107"
},
{
"date": "2015-01-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-001054"
},
{
"date": "2015-01-17T11:59:06.127000",
"db": "NVD",
"id": "CVE-2015-0924"
},
{
"date": "2015-01-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201501-375"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-01-21T00:00:00",
"db": "CERT/CC",
"id": "VU#936356"
},
{
"date": "2015-01-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-00446"
},
{
"date": "2015-01-16T00:00:00",
"db": "BID",
"id": "72107"
},
{
"date": "2015-01-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-001054"
},
{
"date": "2017-05-27T01:29:00.607000",
"db": "NVD",
"id": "CVE-2015-0924"
},
{
"date": "2015-01-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201501-375"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201501-375"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ceragon FiberAir IP-10 Microwave Bridge contains a default root password",
"sources": [
{
"db": "CERT/CC",
"id": "VU#936356"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201501-375"
}
],
"trust": 0.6
}
}
CVE-2017-9137 (GCVE-0-2017-9137)
Vulnerability from nvd – Published: 2017-05-21 21:00 – Updated: 2024-08-05 16:55
VLAI
Summary
Ceragon FibeAir IP-10 wireless radios through 7.2.0 have a default password of mateidu for the mateidu account (a hidden user account established by the vendor). This account can be accessed via both the web interface and SSH. In the web interface, this simply grants an attacker read-only access to the device's settings. However, when using SSH, this gives an attacker access to a Linux shell. NOTE: the vendor has commented "The mateidu user is a known user, which is mentioned in the FibeAir IP-10 User Guide. Customers are instructed to change the mateidu user password. Changing the user password fully solves the vulnerability."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://blog.iancaling.com/post/160817658078 | x_refsource_MISC |
Date Public
2017-05-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:55:22.381Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.iancaling.com/post/160817658078"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-05-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Ceragon FibeAir IP-10 wireless radios through 7.2.0 have a default password of mateidu for the mateidu account (a hidden user account established by the vendor). This account can be accessed via both the web interface and SSH. In the web interface, this simply grants an attacker read-only access to the device\u0027s settings. However, when using SSH, this gives an attacker access to a Linux shell. NOTE: the vendor has commented \"The mateidu user is a known user, which is mentioned in the FibeAir IP-10 User Guide. Customers are instructed to change the mateidu user password. Changing the user password fully solves the vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-02T00:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.iancaling.com/post/160817658078"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9137",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ceragon FibeAir IP-10 wireless radios through 7.2.0 have a default password of mateidu for the mateidu account (a hidden user account established by the vendor). This account can be accessed via both the web interface and SSH. In the web interface, this simply grants an attacker read-only access to the device\u0027s settings. However, when using SSH, this gives an attacker access to a Linux shell. NOTE: the vendor has commented \"The mateidu user is a known user, which is mentioned in the FibeAir IP-10 User Guide. Customers are instructed to change the mateidu user password. Changing the user password fully solves the vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blog.iancaling.com/post/160817658078",
"refsource": "MISC",
"url": "http://blog.iancaling.com/post/160817658078"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9137",
"datePublished": "2017-05-21T21:00:00.000Z",
"dateReserved": "2017-05-21T00:00:00.000Z",
"dateUpdated": "2024-08-05T16:55:22.381Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-0924 (GCVE-0-2015-0924)
Vulnerability from nvd – Published: 2015-01-17 11:00 – Updated: 2024-08-06 04:26
VLAI
Summary
Ceragon FibeAir IP-10 bridges have a default password for the root account, which makes it easier for remote attackers to obtain access via a (1) HTTP, (2) SSH, (3) TELNET, or (4) CLI session.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://www.kb.cert.org/vuls/id/936356 | third-party-advisoryx_refsource_CERT-VN |
Date Public
2015-01-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:26:11.549Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#936356",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/936356"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Ceragon FibeAir IP-10 bridges have a default password for the root account, which makes it easier for remote attackers to obtain access via a (1) HTTP, (2) SSH, (3) TELNET, or (4) CLI session."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-26T19:57:01.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#936356",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/936356"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2015-0924",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ceragon FibeAir IP-10 bridges have a default password for the root account, which makes it easier for remote attackers to obtain access via a (1) HTTP, (2) SSH, (3) TELNET, or (4) CLI session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#936356",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/936356"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2015-0924",
"datePublished": "2015-01-17T11:00:00.000Z",
"dateReserved": "2015-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-06T04:26:11.549Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9137 (GCVE-0-2017-9137)
Vulnerability from cvelistv5 – Published: 2017-05-21 21:00 – Updated: 2024-08-05 16:55
VLAI
Summary
Ceragon FibeAir IP-10 wireless radios through 7.2.0 have a default password of mateidu for the mateidu account (a hidden user account established by the vendor). This account can be accessed via both the web interface and SSH. In the web interface, this simply grants an attacker read-only access to the device's settings. However, when using SSH, this gives an attacker access to a Linux shell. NOTE: the vendor has commented "The mateidu user is a known user, which is mentioned in the FibeAir IP-10 User Guide. Customers are instructed to change the mateidu user password. Changing the user password fully solves the vulnerability."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://blog.iancaling.com/post/160817658078 | x_refsource_MISC |
Date Public
2017-05-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:55:22.381Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.iancaling.com/post/160817658078"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-05-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Ceragon FibeAir IP-10 wireless radios through 7.2.0 have a default password of mateidu for the mateidu account (a hidden user account established by the vendor). This account can be accessed via both the web interface and SSH. In the web interface, this simply grants an attacker read-only access to the device\u0027s settings. However, when using SSH, this gives an attacker access to a Linux shell. NOTE: the vendor has commented \"The mateidu user is a known user, which is mentioned in the FibeAir IP-10 User Guide. Customers are instructed to change the mateidu user password. Changing the user password fully solves the vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-02T00:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.iancaling.com/post/160817658078"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9137",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ceragon FibeAir IP-10 wireless radios through 7.2.0 have a default password of mateidu for the mateidu account (a hidden user account established by the vendor). This account can be accessed via both the web interface and SSH. In the web interface, this simply grants an attacker read-only access to the device\u0027s settings. However, when using SSH, this gives an attacker access to a Linux shell. NOTE: the vendor has commented \"The mateidu user is a known user, which is mentioned in the FibeAir IP-10 User Guide. Customers are instructed to change the mateidu user password. Changing the user password fully solves the vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blog.iancaling.com/post/160817658078",
"refsource": "MISC",
"url": "http://blog.iancaling.com/post/160817658078"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9137",
"datePublished": "2017-05-21T21:00:00.000Z",
"dateReserved": "2017-05-21T00:00:00.000Z",
"dateUpdated": "2024-08-05T16:55:22.381Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-0924 (GCVE-0-2015-0924)
Vulnerability from cvelistv5 – Published: 2015-01-17 11:00 – Updated: 2024-08-06 04:26
VLAI
Summary
Ceragon FibeAir IP-10 bridges have a default password for the root account, which makes it easier for remote attackers to obtain access via a (1) HTTP, (2) SSH, (3) TELNET, or (4) CLI session.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://www.kb.cert.org/vuls/id/936356 | third-party-advisoryx_refsource_CERT-VN |
Date Public
2015-01-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:26:11.549Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#936356",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/936356"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Ceragon FibeAir IP-10 bridges have a default password for the root account, which makes it easier for remote attackers to obtain access via a (1) HTTP, (2) SSH, (3) TELNET, or (4) CLI session."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-26T19:57:01.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#936356",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/936356"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2015-0924",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ceragon FibeAir IP-10 bridges have a default password for the root account, which makes it easier for remote attackers to obtain access via a (1) HTTP, (2) SSH, (3) TELNET, or (4) CLI session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#936356",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/936356"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2015-0924",
"datePublished": "2015-01-17T11:00:00.000Z",
"dateReserved": "2015-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-06T04:26:11.549Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}