CVE Vulnerabilities

CVE-2016-2362

Published: Jun 20, 2016 | Modified: Nov 21, 2024
CVSS 3.x
9.8
CRITICAL
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
10 HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

Fonality (previously trixbox Pro) 12.6 through 14.1i before 2016-06-01 has a hardcoded password for the FTP account, which allows remote attackers to obtain access via a (1) FTP or (2) SSH connection.

Affected Software

Name Vendor Start Version End Version
Fonality Fonality 12.6 (including) 12.6 (including)
Fonality Fonality 12.8 (including) 12.8 (including)
Fonality Fonality 14.1i (including) 14.1i (including)

References