The Meinberg SyncBox/PTP/PTPv2 devices have default SSH keys which allow attackers to get root access to the devices. All firmware versions up to v5.34o, v5.34s, v5.32* or 5.34g are affected. The private key is also used in an internal interface of another Meinberg Device and can be extracted from a firmware update of this device. An update to fix the vulnerability was published by the vendor.
References
Link | Resource |
---|---|
https://w1n73r.de/CVE/2019/17584/ | Third Party Advisory |
https://www.meinbergglobal.com/english/news/meinberg-security-advisory-mbgsa-1904-syncbox-ptp-ptpv2.htm | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Information
Published : 2020-01-21 12:15
Updated : 2020-01-29 09:52
NVD link : CVE-2019-17584
Mitre link : CVE-2019-17584
JSON object : View
CWE
Products Affected
meinbergglobal
- syncbox\/ptpv2
- syncbox\/ptpv2_firmware