Vulnerability Description
Hard-coded credentials in AmosConnect 8 allow remote attackers to gain full administrative privileges, including the ability to execute commands on the Microsoft Windows host platform with SYSTEM privileges by abusing AmosConnect Task Manager.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Inmarsat | Amosconnect | 8.0 |
Related Weaknesses (CWE)
References
- http://www.inmarsat.com/news/inmarsat-response-to-ioactive-claims/Vendor Advisory
- http://www.securityfocus.com/bid/99899Third Party AdvisoryVDB Entry
- https://twitter.com/mkolsek/status/923988845783322625Third Party Advisory
- https://www.kb.cert.org/vuls/id/586501Third Party AdvisoryUS Government Resource
- http://www.inmarsat.com/news/inmarsat-response-to-ioactive-claims/Vendor Advisory
- http://www.securityfocus.com/bid/99899Third Party AdvisoryVDB Entry
- https://twitter.com/mkolsek/status/923988845783322625Third Party Advisory
- https://www.kb.cert.org/vuls/id/586501Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2017-3222?
CVE-2017-3222 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Hard-coded credentials in AmosConnect 8 allow remote attackers to gain full administrative privileges, including the ability to execute commands on the Microsoft Windows host platform with SYSTEM priv...
How severe is CVE-2017-3222?
CVE-2017-3222 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2017-3222?
Check the references section above for vendor advisories and patch information. Affected products include: Inmarsat Amosconnect.