Vulnerabilities > CVE-2015-0924 - Credentials Management vulnerability in Ceragon Fiberair Ip-10C, Fiberair Ip-10E and Fiberair Ip-10G

CVSS 7.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

COMPLETE

Availability impact

NONE

network

low complexity

ceragon

CWE-255

NVD

Published: 2015-01-17

Updated: 2017-05-27

Summary

Ceragon FibeAir IP-10 bridges have a default password for the root account, which makes it easier for remote attackers to obtain access via a (1) HTTP, (2) SSH, (3) TELNET, or (4) CLI session.

Vulnerable Configurations

Part	Description	Count
Hardware	Ceragon Ceragon Fiberair IP 10C - Ceragon Fiberair IP 10E - Ceragon Fiberair IP 10G -	3

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

Packetstorm

data source	https://packetstormsecurity.com/files/download/131259/ceragonfibeair-disclose.txt
id	PACKETSTORM:131259
last seen	2016-12-05
published	2015-04-02
reporter	Tod Beardsley
source	https://packetstormsecurity.com/files/131259/Ceragon-FibeAir-IP-10-SSH-Private-Key-Exposure.html
title	Ceragon FibeAir IP-10 SSH Private Key Exposure

References

http://www.kb.cert.org/vuls/id/936356