CVE Vulnerabilities

CVE-2019-17584

Published: Jan 21, 2020 | Modified: Jan 29, 2020
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
8.5 HIGH
AV:N/AC:M/Au:S/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

The Meinberg SyncBox/PTP/PTPv2 devices have default SSH keys which allow attackers to get root access to the devices. All firmware versions up to v5.34o, v5.34s, v5.32* or 5.34g are affected. The private key is also used in an internal interface of another Meinberg Device and can be extracted from a firmware update of this device. An update to fix the vulnerability was published by the vendor.

Affected Software

Name Vendor Start Version End Version
Syncbox/ptpv2_firmware Meinbergglobal * 5.34o (excluding)

References