CVE-2019-15017

The SSH service is enabled on the Zingbox Inspector versions 1.294 and earlier, exposing SSH to the local network. When combined with PAN-SA-2019-0027, this can allow an attacker to authenticate to the service using hardcoded credentials.

Published : 2019-10-09 21:15 Updated : 2019-10-16 16:10

7.2
CVSS Score More info
Score 7.2 / 10
7.2
Vendor Product Version URI
Zingbox Inspector 1.294 cpe:/a:zingbox:inspector:1.294
  1. Zingbox (1) Search CVE
    1. Inspector (1) Search CVE
      1. 1.294

CWE

ID Name Description Links
CWE-798 Use of Hard-coded Credentials The software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. CVE

History of changes

Date Event
2019-10-16 16:10
2019-10-15 18:16
2019-10-09 21:15

New CVE