CVSS Base Vector:
This host is running Array Networks vxAG/vAPV and is prone to
authentication bypass vulnerabilities.
Send default SSH credentials and check whether it is possible to log in to
the target machine.
Multiple flaws are due to:
- The program using insecure world writable permissions for the
- The 'mfg' account has a password of 'mfg' and the 'sync' account has a
password of 'click1', which are publicly known and documented.
- If a remote attacker has explicit knowledge of the SSH keys, they can
potentially gain privileged access to the device.
Successful exploitation will allow an attacker to gain unauthorized root
access to affected devices and completely compromise the devices.
Array Networks vxAG 126.96.36.199 and vAPV 188.8.131.52 appliances.
No known solution was made available for at least one year since the disclosure of
this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release,
disable respective features, remove the product or replace the product by another one.
Vendor will not fix
SecurityFocus Bugtraq ID: