8.5

CVE-2019-17584

The Meinberg SyncBox/PTP/PTPv2 devices have default SSH keys which allow attackers to get root access to the devices. All firmware versions up to v5.34o, v5.34s, v5.32* or 5.34g are affected. The private key is also used in an internal interface of another Meinberg Device and can be extracted from a firmware update of this device. An update to fix the vulnerability was published by the vendor.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MeinbergglobalSyncbox/ptpv2 Firmware Version < 5.34o
   MeinbergglobalSyncbox/ptpv2 Version-
MeinbergglobalSyncbox/ptpv2 Firmware Version < 5.34s
   MeinbergglobalSyncbox/ptpv2 Version-
MeinbergglobalSyncbox/ptpv2 Firmware Version < 5.32
   MeinbergglobalSyncbox/ptpv2 Version-
MeinbergglobalSyncbox/ptpv2 Firmware Version < 5.34g
   MeinbergglobalSyncbox/ptpv2 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.67% 0.689
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 1.6 5.9
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 8.5 6.8 10
AV:N/AC:M/Au:S/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://w1n73r.de/CVE/2019/17584/
Third Party Advisory