PT-2018-11132 · Ecos · Ecos Secure Boot Stick

Franz Girlich

Published

2018-06-17

Updated

2018-08-10

CVE-2018-12336

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions ECOS Secure Boot Stick (aka SBS) version 5.6.5

Description The issue concerns an undocumented factory backdoor that allows the vendor to extract confidential information via remote root SSH access.

Recommendations For ECOS Secure Boot Stick (aka SBS) version 5.6.5, consider disabling remote SSH access until a patch is available to prevent potential exploitation of the backdoor.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2018-12336

Affected Products

Ecos Secure Boot Stick

PT-2018-11132 · Ecos · Ecos Secure Boot Stick

CVE-2018-12336

Weakness Enumeration

Related Identifiers

Affected Products

References · 3