CVE-2019-17584

The Meinberg SyncBox/PTP/PTPv2 devices have default SSH keys which allow attackers to get root access to the devices. All firmware versions up to v5.34o, v5.34s, v5.32* or 5.34g are affected. The private key is also used in an internal interface of another Meinberg Device and can be extracted from a firmware update of this device. An update to fix the vulnerability was published by the vendor.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 70%
VendorProductVersion
meinbergglobalsyncbox\/ptpv2_firmware
𝑥
< 5.34o
meinbergglobalsyncbox\/ptpv2_firmware
𝑥
< 5.34s
meinbergglobalsyncbox\/ptpv2_firmware
𝑥
< 5.32
meinbergglobalsyncbox\/ptpv2_firmware
𝑥
< 5.34g
𝑥
= Vulnerable software versions
References
https://w1n73r.de/CVE/2019/17584/
https://www.meinbergglobal.com/english/news/meinberg-security-advisory-mbgsa-1904-syncbox-ptp-ptpv2.htm
https://w1n73r.de/CVE/2019/17584/
https://www.meinbergglobal.com/english/news/meinberg-security-advisory-mbgsa-1904-syncbox-ptp-ptpv2.htm