JetPort 5600 Hardcoded Credentials Security Issue

by Carol~ Moderator - 10/24/12 8:08 AM

In Reply to: VULNERABILITIES / FIXES - October 24, 2012 by Carol~ Moderator

Release Date : 2012-10-24

Criticality level : Moderately critical
Impact : System access
Where : From local network
Solution Status : Vendor Patch

Operating System : JetPort 5600 2.x

Description:
A security issue has been reported in JetPort 5600, which can be exploited by malicious people to compromise a vulnerable device.

The security issue is caused due to the device using a hard-coded root credentials, which may allow full administrative access to the system.

The security issue is reported in versions prior to 2.01.

Solution:
Update to version 2.01.

Provided and/or discovered by:
ICS-CERT credits Reid Wightman, Digital Bond.

Original Advisory:
ICS-CERT:
http://www.us-cert.gov/control_systems/pdf/ICSA-12-297-02.pdf

http://secunia.com/advisories/51083/