Vulnerabilities > CVE-2015-0936 - Key Management Errors vulnerability in Ceragon Fibeair Ip-10 Firmware
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Ceragon FibeAir IP-10 have a default SSH public key in the authorized_keys file for the mateidu user, which allows remote attackers to obtain SSH access by leveraging knowledge of the private key.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 1 | |
| Hardware | 3 |
Common Weakness Enumeration (CWE)
Exploit-Db
| id | EDB-ID:41679 |
| last seen | 2018-11-30 |
| modified | 2015-04-01 |
| published | 2015-04-01 |
| reporter | Exploit-DB |
| source | https://www.exploit-db.com/download/41679 |
| title | Ceragon FibeAir IP-10 - SSH Private Key Exposure (Metasploit) |
Metasploit
| description | Ceragon ships a public/private key pair on FibeAir IP-10 devices that allows passwordless authentication to any other IP-10 device. Since the key is easily retrievable, an attacker can use it to gain unauthorized remote access as the "mateidu" user. |
| id | MSF:EXPLOIT/LINUX/SSH/CERAGON_FIBEAIR_KNOWN_PRIVKEY |
| last seen | 2020-06-13 |
| modified | 2018-08-16 |
| published | 2015-04-01 |
| references | |
| reporter | Rapid7 |
| source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/linux/ssh/ceragon_fibeair_known_privkey.rb |
| title | Ceragon FibeAir IP-10 SSH Private Key Exposure |
Packetstorm
data source https://packetstormsecurity.com/files/download/142590/ceragonfibeair-backdoor.txt id PACKETSTORM:142590 last seen 2017-05-20 published 2017-05-19 reporter Ian Ling source https://packetstormsecurity.com/files/142590/Ceragon-FibeAir-IP-10-7.2.0-Hidden-User-Backdoor.html title Ceragon FibeAir IP-10 7.2.0 Hidden User Backdoor data source https://packetstormsecurity.com/files/download/131260/ceragon_fibeair_known_privkey.rb.txt id PACKETSTORM:131260 last seen 2016-12-05 published 2015-04-02 reporter H D Moore source https://packetstormsecurity.com/files/131260/Ceragon-FibeAir-IP-10-SSH-Private-Key-Exposure.html title Ceragon FibeAir IP-10 SSH Private Key Exposure data source https://packetstormsecurity.com/files/download/131259/ceragonfibeair-disclose.txt id PACKETSTORM:131259 last seen 2016-12-05 published 2015-04-02 reporter Tod Beardsley source https://packetstormsecurity.com/files/131259/Ceragon-FibeAir-IP-10-SSH-Private-Key-Exposure.html title Ceragon FibeAir IP-10 SSH Private Key Exposure
References
- https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=2&cad=rja&uact=8&ved=0ahUKEwjs47SGp47UAhVF5iYKHYGLDQkQFggoMAE&url=https%3A%2F%2Fwww.rapid7.com%2Fdb%2Fmodules%2Fexploit%2Flinux%2Fssh%2Fceragon_fibeair_known_privkey&usg=AFQjCNFZiZcWj47cpqPX-AbfpsW0DL4yYw
- https://gist.github.com/todb-r7/5d86ecc8118f9eeecc15
- http://www.securityfocus.com/bid/73696
- http://seclists.org/fulldisclosure/2015/Apr/3
- http://packetstormsecurity.com/files/131260/Ceragon-FibeAir-IP-10-SSH-Private-Key-Exposure.html
- http://packetstormsecurity.com/files/131259/Ceragon-FibeAir-IP-10-SSH-Private-Key-Exposure.html