Main Vulnerability Database SB2017102702

SB2017102702 - Multiple vulnerabilities in Korenix JetNet

Published: October 27, 2017

Security Bulletin ID SB2017102702

CSH Severity

Low

Patch available

YES

Number of vulnerabilities 2

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 vulnerabilities.

1) Use of hard-coded cryptographic key (CVE-ID: CVE-2017-14021)

The vulnerability allows a remote attacker to perform MITM-attack on the target system.

The weakness exists due use of hard-coded cryptographic key. A remote attacker can gain access to hard-coded certificates and private keys and perform man-in-the-middle attacks.

2) Use of hard-coded credentials (CVE-ID: CVE-2017-14027)

The vulnerability allows a remote attacker to bypass security restrictions.

The weakness exists due use of undocumented hard-coded credentials. A remote attacker can bypass security restrictions and gain remote access to the target system.

Remediation

Install update from vendor's website.

References

https://ics-cert.us-cert.gov/advisories/ICSA-17-299-01

SB2017102702 - Multiple vulnerabilities in Korenix JetNet

Breakdown by Severity

Description

Remediation

References

Please verify you're human