Vulnerabilities > CVE-2012-4702 - Credentials Management vulnerability in 360Systems Image Server 2000, Image Server Maxx and Maxx

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

360systems

CWE-255

critical

NVD

Published: 2013-03-11

Updated: 2013-03-18

Summary

360 Systems Maxx, Image Server Maxx, and Image Server 2000 have a hardcoded password for the root account, which makes it easier for remote attackers to execute arbitrary code, or modify video content or scheduling, via an SSH session.

Vulnerable Configurations

Part	Description	Count
OS	360Systems 360Systems Image Server 2000 - 360Systems Image Server Maxx - 360Systems Maxx -	3

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

References

http://ics-cert.us-cert.gov/pdf/ICSA-13-038-01A.pdf