Dirk Wetter

**Name of the Vulnerable Software and Affected Versions** Avocent CCM console server version 2.1 CCM4850 **Description** The issue allows remote authenticated attackers to bypass port restrictions. This can be achieved by connecting to the server via SSH and using the `connect` command to access the serial port. **Recommendations** For Avocent CCM console server version 2.1 CCM4850, consider restricting access to the SSH connection and limiting the use of the `connect` command to authorized personnel only. As a temporary workaround, restrict access to the serial port until a patch is available.

Name of the Vulnerable Software and Affected Versions: Lantronix SecureLinx console server versions 2.0 through 3.0 Description: The issue allows remote attackers to obtain sensitive information, such as SSH private keys, due to insufficient access control of the /etc/ssh directory stored under the web document root. Recommendations: For versions 2.0 through 3.0, restrict access to the /etc/ssh directory to minimize the risk of exploitation. Consider reconfiguring the web document root to exclude sensitive directories.