14.1I

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

fonality

critical

NVD

Published: 2016-06-20

Updated: 2016-06-21

Summary

Fonality (previously trixbox Pro) 12.6 through 14.1i before 2016-06-01 has a hardcoded password for the FTP account, which allows remote attackers to obtain access via a (1) FTP or (2) SSH connection. <a href="http://cwe.mitre.org/data/definitions/798.html">CWE-798: Use of Hard-coded Credentials</a>

Vulnerable Configurations

Part	Description	Count
Application	Fonality Fonality Fonality 12.6 Fonality Fonality 12.8 Fonality Fonality 14.1I	3

References

http://www.kb.cert.org/vuls/id/754056