CVE-2016-1561

high-risk

Published 2017-04-21

ExaGrid appliances with firmware before 4.8 P26 have a default SSH public key in the authorized_keys file for root, which allows remote attackers to obtain SSH access by leveraging knowledge of a private key from another installation or a firmware image.

Do I need to act?

84.4% chance of exploitation in next 30 days

EPSS score — higher than 16% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

1 public exploit available

41680

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (8)

Ex21000E Firmware

Ex32000E Firmware

Ex40000E Firmware

Ex3000 Firmware

Ex5000 Firmware

Ex7000 Firmware

Ex10000E Firmware

Ex13000E Firmware

Affected Vendors

Exagrid

References (6)

Exploit http://packetstormsecurity.com/files/136634/ExaGrid-Known-SSH-Key-Default-Passwo...

Third Party Advisory http://www.rapid7.com/db/modules/exploit/linux/ssh/exagrid_known_privkey

Exploit https://community.rapid7.com/community/infosec/blog/2016/04/07/r7-2016-04-exagri...

Exploit http://packetstormsecurity.com/files/136634/ExaGrid-Known-SSH-Key-Default-Passwo...

Third Party Advisory http://www.rapid7.com/db/modules/exploit/linux/ssh/exagrid_known_privkey

Exploit https://community.rapid7.com/community/infosec/blog/2016/04/07/r7-2016-04-exagri...

/ 100

high-risk

Severity 26/34 · High

Exploitability 27/34 · High

Exposure 14/34 · Moderate