PT-2020-12679 · Opsramp · Opsramp Gateway

Published 2020-04-07 · Updated 2020-07-27 · CVE-2020-11543

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: OpsRamp Gateway versions prior to 7.0.0

Description: The issue concerns a backdoor account named vadmin with the password 9vt@f3Vt that allows root SSH access to the server. This account has been removed in the resolved version, where only an administrator and a system user account are available for the gateway appliance.

Recommendations: For OpsRamp Gateway versions prior to 7.0.0, update to version 7.0.0 or later to resolve the issue, as this version removes the backdoor account and only allows access through an administrator and a system user account.
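
One way to check an appliance for the account described above, as an added example that is not code from this advisory or from OpsRamp. It assumes standard passwd and shadow file layouts and OpenSSH "Accepted ... for USER from ADDR" log lines; the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit for the vadmin account named in this advisory.
# Assumes standard passwd/shadow layouts and OpenSSH "Accepted ... for USER from ADDR" lines.
ACCOUNT="vadmin"

# Prints findings; returns 1 if the account or any use of it is found, else 0.
audit_backdoor_account() {
    passwd_file=$1 shadow_file=$2 auth_log=$3 found=0
    # 1. Is the account defined, and with which UID and login shell?
    entry=$(awk -F: -v u="$ACCOUNT" '$1 == u { print "uid=" $3 " shell=" $7 }' "$passwd_file")
    [ -z "$entry" ] || { echo "FOUND account $ACCOUNT ($entry)"; found=1; }
    # 2. Is its password usable? A shadow field starting with ! or * is locked.
    state=$(awk -F: -v u="$ACCOUNT" '$1 == u { s = ($2 ~ /^[!*]/) ? "locked" : "usable"; print s }' "$shadow_file")
    [ "$state" != "usable" ] || { echo "FOUND usable password for $ACCOUNT"; found=1; }
    # 3. Accepted SSH logins as the account, counted per source address.
    logins=$(awk -v u="$ACCOUNT" '/sshd/ && /Accepted/ {
        for (i = 1; i + 3 <= NF; i++)
            if ($i == "for" && $(i+1) == u && $(i+2) == "from") print $(i+3)
    }' "$auth_log" | sort | uniq -c | sort -rn)
    [ -z "$logins" ] || { echo "FOUND accepted SSH logins as $ACCOUNT (count, source):"; echo "$logins"; found=1; }
    return $found
}

# Constructed sample files (not taken from a real appliance).
write_sample() {
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'vadmin:x:1001:1001::/home/vadmin:/bin/bash' > "$1/passwd"
    printf '%s\n' 'root:!:18000:0:99999:7:::' \
        'vadmin:$6$constructed$notarealhash:18000:0:99999:7:::' > "$1/shadow"
    printf '%s\n' \
        'Mar 10 02:14:07 gw sshd[812]: Accepted password for vadmin from 203.0.113.7 port 51122 ssh2' \
        'Mar 10 02:20:41 gw sshd[840]: Failed password for vadmin from 198.51.100.9 port 40022 ssh2' \
        'Mar 11 09:01:13 gw sshd[901]: Accepted password for vadmin from 203.0.113.7 port 51390 ssh2' \
        'Mar 11 09:05:00 gw sshd[950]: Accepted publickey for admin from 192.0.2.10 port 50000 ssh2' > "$1/auth.log"
}

# Usage: script PASSWD SHADOW AUTHLOG; with no arguments it runs on the sample data.
if [ "$#" -eq 3 ]; then
    audit_backdoor_account "$@"
else
    d=$(mktemp -d); write_sample "$d"
    audit_backdoor_account "$d/passwd" "$d/shadow" "$d/auth.log" || true
    rm -rf "$d"
fi
```

On a gateway, run it as root against the real passwd file, shadow file and sshd log; the log path varies by distribution. Accepted logins found in step 3 indicate the account was used and warrant investigation beyond the upgrade.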

Exploit

Fix

Using Hardcoded Credentials

Weakness Enumeration

Related Identifiers: CVE-2020-11543

Affected Products: Opsramp Gateway