PT-2015-4974 · Ceragon · Ceragon Fibeair Ip-10

Jasper Greve

Published

2015-01-17

Updated

2017-05-27

CVE-2015-0924

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions Ceragon FibeAir IP-10 bridges (affected versions not specified)

Description The issue concerns a default password for the root account in Ceragon FibeAir IP-10 bridges, making it easier for remote attackers to gain access. Attackers can obtain access via various sessions, including (1) HTTP, (2) SSH, (3) TELNET, or (4) CLI.

Recommendations For Ceragon FibeAir IP-10 bridges, change the default password for the root account to a strong, unique password to prevent unauthorized access. As a temporary workaround, consider restricting access to the HTTP, SSH, TELNET, and CLI sessions until the default password issue is resolved. Restrict access to the root account to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-255

Related Identifiers

CVE-2015-0924

Affected Products

Ceragon Fibeair Ip-10

PT-2015-4974 · Ceragon · Ceragon Fibeair Ip-10

CVE-2015-0924

Weakness Enumeration

Related Identifiers

Affected Products

References · 2