Vulnerability Description
The Linux firmware image on (1) Korenix Jetport 5600 series serial-device servers and (2) ORing Industrial DIN-Rail serial-device servers has a hardcoded password of "password" for the root account, which allows remote attackers to obtain administrative access via an SSH session.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Korenix | Jetport | 5601 |
Related Weaknesses (CWE)
References
- http://ics-cert.us-cert.gov/advisories/ICSA-12-263-02
- http://ics-cert.us-cert.gov/advisories/ICSA-12-297-02
- http://www.digitalbond.com/2012/06/13/korenix-and-oring-insecurity
- http://www.securityfocus.com/bid/55196
- https://exchange.xforce.ibmcloud.com/vulnerabilities/77992
FAQ
What is CVE-2012-4577?
CVE-2012-4577 is a vulnerability with a CVSS score of 10.0 (HIGH). The Linux firmware image on (1) Korenix Jetport 5600 series serial-device servers and (2) ORing Industrial DIN-Rail serial-device servers has a hardcoded password of "password" for the root account, w...
How severe is CVE-2012-4577?
CVE-2012-4577 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2012-4577?
Check the references section above for vendor advisories and patch information. Affected products include: Korenix Jetport.