PT-2016-3201 · Exagrid · Exagrid

Egypt

Published: 2016-01-26 · Updated: 2017-04-27 · CVE-2016-1560

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

ExaGrid appliances with firmware before 4.8 P26

Description

The issue is related to the use of default credentials in ExaGrid backup devices' firmware. Exploitation of this issue may allow a remote attacker to gain root access to the device using the default password 'inflection' for the root account via SSH or HTTP protocols. This could potentially allow administrative access to the device.

Recommendations

For ExaGrid appliances with firmware before 4.8 P26, update the firmware to version 4.8 P26 or later to change the default password for the root shell account and remove support for the default support account in the web interface. As a temporary workaround, consider changing the default password for the root account and disabling the support account in the web interface until a firmware update can be applied.
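To act on the recommendation across a fleet, the following added example (not part of the original advisory and not vendor code) triages an appliance inventory against the fixed release 4.8 P26. The version string shape `<major>.<minor> P<patch>`, the treatment of a missing patch level as P0, and the sample hostnames are assumptions.

```python
import re

# First fixed release named in the advisory: firmware 4.8 P26.
FIXED = (4, 8, 26)

# Assumed string shape "<major>.<minor> P<patch>", inferred from "4.8 P26";
# real inventory exports may format firmware versions differently.
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)(?:[\s.-]*P(\d+))?\s*$", re.IGNORECASE)


def parse_firmware(text):
    """Return (major, minor, patch), or None if the string does not match."""
    m = _VERSION_RE.match(text or "")
    if not m:
        return None
    major, minor, patch = m.groups()
    # A missing patch level is treated as P0 (assumption).
    return int(major), int(minor), int(patch or 0)


def triage(inventory):
    """Classify each (hostname, firmware) pair against the fixed release."""
    result = {"vulnerable": [], "fixed": [], "unknown": []}
    for host, firmware in inventory:
        version = parse_firmware(firmware)
        if version is None:
            result["unknown"].append(host)      # unparseable: review by hand
        elif version < FIXED:
            result["vulnerable"].append(host)   # before 4.8 P26
        else:
            result["fixed"].append(host)
    return result


# Constructed sample inventory; hostnames and versions are made up.
SAMPLE = [
    ("backup-01", "4.8 P25"),
    ("backup-02", "4.8 P26"),
    ("backup-03", "4.7 P40"),
    ("backup-04", "4.10"),
    ("backup-05", "4.8"),
    ("backup-06", "n/a"),
]

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Hosts in the `unknown` bucket should be treated as unpatched until their firmware version is confirmed.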

Exploit

Fix

Using Hardcoded Credentials

Weakness Enumeration

Related Identifiers

BDU:2017-02481
CVE-2016-1560

Affected Products

Exagrid