Vulnerability Description
The Meinberg SyncBox/PTP/PTPv2 devices have default SSH keys which allow attackers to get root access to the devices. All firmware versions up to v5.34o, v5.34s, v5.32* or 5.34g are affected. The private key is also used in an internal interface of another Meinberg Device and can be extracted from a firmware update of this device. An update to fix the vulnerability was published by the vendor.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Meinbergglobal | Syncbox\/Ptpv2 Firmware | < 5.34o |
| Meinbergglobal | Syncbox\/Ptpv2 | - |
References
- https://w1n73r.de/CVE/2019/17584/Third Party Advisory
- https://www.meinbergglobal.com/english/news/meinberg-security-advisory-mbgsa-190Vendor Advisory
- https://w1n73r.de/CVE/2019/17584/Third Party Advisory
- https://www.meinbergglobal.com/english/news/meinberg-security-advisory-mbgsa-190Vendor Advisory
FAQ
What is CVE-2019-17584?
CVE-2019-17584 is a vulnerability with a CVSS score of 7.5 (HIGH). The Meinberg SyncBox/PTP/PTPv2 devices have default SSH keys which allow attackers to get root access to the devices. All firmware versions up to v5.34o, v5.34s, v5.32* or 5.34g are affected. The priv...
How severe is CVE-2019-17584?
CVE-2019-17584 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-17584?
Check the references section above for vendor advisories and patch information. Affected products include: Meinbergglobal Syncbox\/Ptpv2 Firmware, Meinbergglobal Syncbox\/Ptpv2.