NVD

Id
28536  
Name
CVE-2015-8362  
Description
The setUpSubtleUserAccount function in /bin/bw on Harman AMX devices before 2015-10-12 has a hardcoded password for the BlackWidow account, which makes it easier for remote attackers to obtain access via a (1) SSH or (2) HTTP session, a different vulnerability than CVE-2016-1984.  
Reject
 
CVSS Version
2  
CVSS Score
10  
Severity
High  
CVSS Base Score
10  
CVSS Impact Subscore
10  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:C/I:C/A:C)  
Pub Date
2017-01-19  
Published
2016-01-22  
Modified Date
2016-12-07  
Seq
2015-8362  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
149910 28536 CVE-2015-8362 http://blog.sec-consult.com/2016/01/deliberately-hidden-backdoor-account-in.html  View
149911 28536 CVE-2015-8362 20160121 SEC Consult SA-20160121-0 :: Deliberately hidden backdoor account in AMX (Harman Professional) devices  View
149912 28536 CVE-2015-8362 http://www.amx.com/techcenter/firmware.asp?Category=Hot%20Fix%20Files  View
149913 28536 CVE-2015-8362 http://www.amx.com/techcenter/NXSecurityBrief/  View
149914 28536 CVE-2015-8362 20160121 SEC Consult SA-20160121-0 :: Deliberately hidden backdoor account in AMX (Harman Professional) devices  View
149915 28536 CVE-2015-8362 81545  View
149916 28536 CVE-2015-8362 https://ics-cert.us-cert.gov/advisories/ICSA-16-049-02  View
149917 28536 CVE-2015-8362 VU#992624  View
149918 28536 CVE-2015-8362 https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160121-0_AMX_Deliberately_hidden_backdoor_account_v10.txt  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
539 JVNDB-2016-001312 Harman AMX 製品がハードコードされたパスワードを使用する問題 複数の Harman AMX 製品には、デバッグ用のアカウントがハードコードされている問題が存在します。 CVE-2015-8362 85587 CVE-2015-8362 28536 10 http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-001312.html 2016-01-21 2016-02-22 View