Vulnerabilities > CVE-2014-8779 - 7PK - Security Features vulnerability in Pexip Infinity 7.0

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

pexip

CWE-254

NVD

Published: 2015-02-03

Updated: 2024-11-21

Summary

Pexip Infinity before 8 uses the same SSH host keys across different customers' installations, which allows man-in-the-middle attackers to spoof Management and Conferencing Nodes by leveraging these keys.

Vulnerable Configurations

Part	Description	Count
Application	Pexip Pexip Pexip Infinity 7.0	1

Common Weakness Enumeration (CWE)

CWE-254 - 7PK - Security Features

References

http://packetstormsecurity.com/files/130174/Pexip-Infinity-Non-Unique-SSH-Host-Keys.html
http://packetstormsecurity.com/files/130174/Pexip-Infinity-Non-Unique-SSH-Host-Keys.html
http://www.pexip.com/sites/pexip/files/Pexip_Security_Bulletin_2015-01-02.pdf
http://www.pexip.com/sites/pexip/files/Pexip_Security_Bulletin_2015-01-02.pdf
http://www.securityfocus.com/archive/1/534576/100/0/threaded
http://www.securityfocus.com/archive/1/534576/100/0/threaded
http://www.securityfocus.com/bid/72359
http://www.securityfocus.com/bid/72359