CVE-2024-28812

Name of the Vulnerable Software and Affected Versions: Infinera hiT 7300 version 5.60.50

Description: An issue was discovered in the Infinera hiT 7300, where a hidden SSH service on the local management network interface has hardcoded credentials. This allows attackers to access the appliance operating system with highest privileges via an SSH connection. The vulnerability can be exploited by a remote attacker to gain access to diagnostic files and potentially elevate their privileges.

Recommendations: For Infinera hiT 7300 version 5.60.50, consider disabling the hidden SSH service on the local management network interface as a temporary workaround until a patch is available. Restrict access to the appliance operating system to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.