PT-2019-3540 · Zingbox · Zingbox Inspector

Published: 2019-10-01 · Updated: 2023-02-04 · CVE-2019-15017

CVSS v3.1: 8.4 (High)

Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Zingbox Inspector versions 1.294 and earlier

Description

The issue is related to the SSH service being enabled, exposing it to the local network. This, combined with other factors, can allow an attacker to authenticate to the service using hardcoded credentials. The vulnerability is associated with the use of predefined credentials, which can be exploited by a remote attacker to gain unauthorized access to the SSH service as the root user.

Recommendations

For Zingbox Inspector versions 1.294 and earlier, consider disabling the SSH service to prevent exploitation until a patch is available. Restrict access to the SSH service to minimize the risk of unauthorized access. Avoid using predefined credentials for the SSH service.

Fix

Using Hardcoded Credentials

Weakness Enumeration

Related Identifiers

BDU:2019-03717
CVE-2019-15017

Affected Products

Zingbox Inspector