CVE-2017-14027

moderate-risk

Published 2017-11-01

A Use of Hard-coded Credentials issue was discovered in Korenix JetNet JetNet5018G version 1.4, JetNet5310G version 1.4a, JetNet5428G-2G-2FX version 1.4, JetNet5628G-R version 1.4, JetNet5628G version 1.4, JetNet5728G-24P version 1.4, JetNet5828G version 1.1d, JetNet6710G-HVDC version 1.1e, and JetNet6710G version 1.1. The software uses undocumented hard-coded credentials that may allow an attacker to gain remote access.

Do I need to act?

0.23% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (9)

Jetnet5018G Firmware

Jetnet5310G Firmware

Jetnet5628G-R Firmware

Jetnet5728G-24P Firmware

Jetnet5828G Firmware

Jetnet6710G Firmware

Jetnet6710G-Hvdc Firmware

Jetnet5428G-2G-2Fx Firmware

Jetnet5628G Firmware

Affected Vendors

Korenix

References (4)

Third Party Advisory http://www.securityfocus.com/bid/101598

Third Party Advisory https://ics-cert.us-cert.gov/advisories/ICSA-17-299-01

Third Party Advisory http://www.securityfocus.com/bid/101598

Third Party Advisory https://ics-cert.us-cert.gov/advisories/ICSA-17-299-01

/ 100

moderate-risk

Severity 32/34 · Critical

Exploitability 1/34 · Minimal

Exposure 15/34 · Moderate