Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

Quantum DXi Remote 'root' Authentication Bypass Vulnerability

Information

Severity

Severity

High

Family

Family

Gain a shell remotely

CVSSv2 Base

CVSSv2 Base

7.8

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Solution Type

Solution Type

Vendor Patch

Created

Created

8 years ago

Modified

Modified

3 years ago

Summary

This host is running Quantum DXi and is prone to authentication bypass vulnerability.

Insight

Insight

- The root user has a hardcoded password that is unknown and not changeable. Normally access is only through the restricted shells. - The /root/.ssh/authorized_keys on the appliance contains the static private ssh key. Using this key on a remote system to login through SSH will give a root shell.

Affected Software

Affected Software

Quantum DXi V1000 2.2.1 and below

Detection Method

Detection Method

Send a SSH Private Key and check whether it is possible to login to the target machine

Solution

Solution

Upgrade to Quantum DXi V1000 2.3.0.1 or later.