Details of VAR-201501-0735

ID

VAR-201501-0735

CVE

CVE-2015-0924

TITLE

Ceragon FiberAir IP-10 Microwave Bridge contains a default root password

Trust: 0.8

sources: CERT/CC: VU#936356

DESCRIPTION

Ceragon FibeAir IP-10 bridges have a default password for the root account, which makes it easier for remote attackers to obtain access via a (1) HTTP, (2) SSH, (3) TELNET, or (4) CLI session. Ceragon FiberAir IP-10 Microwave Bridge contains a default root password. CWE-259: Use of Hard-coded Password http://cwe.mitre.org/data/definitions/259.htmlA remote attacker may obtain administrator privileges for the device. The Ceragon FiberAir IP-10 is a wireless microwave device. A security vulnerability exists in Ceragon FiberAir IP-10 hard-coded credentials that allows an attacker to exploit this vulnerability to bypass certain authentication access devices. Ceragon FiberAir IP-10 microwave bridge is prone to a security-bypass vulnerability

Trust: 3.15

sources: NVD: CVE-2015-0924 // CERT/CC: VU#936356 // JVNDB: JVNDB-2015-001054 // CNVD: CNVD-2015-00446 // BID: 72107

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-00446

AFFECTED PRODUCTS

vendor:	ceragon	model:	fiberair ip-10e	scope:	eq	version:	-	Trust: 1.6
vendor:	ceragon	model:	fiberair ip-10g	scope:	eq	version:	-	Trust: 1.6
vendor:	ceragon	model:	fiberair ip-10c	scope:	eq	version:	-	Trust: 1.6
vendor:	ceragon	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	ceragon	model:	fibeair ip-10	scope:	-	version:	-	Trust: 0.8
vendor:	ceragon	model:	fiberair ip-10	scope:	-	version:	-	Trust: 0.6
vendor:	ceragon	model:	fibeair ip-10	scope:	eq	version:	0	Trust: 0.3

sources: CERT/CC: VU#936356 // CNVD: CNVD-2015-00446 // BID: 72107 // JVNDB: JVNDB-2015-001054 // CNNVD: CNNVD-201501-375 // NVD: CVE-2015-0924

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-0924
value:	HIGH
Trust: 1.0
NVD:	CVE-2015-0924
value:	HIGH
Trust: 0.8
IPA:	JVNDB-2015-001054
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2015-00446
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201501-375
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2015-0924
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:C/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	COMPLETE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	CVE-2015-0924
severity:	HIGH
baseScore:	10.0
vectorString:	NONE
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
IPA:	JVNDB-2015-001054
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2015-00446
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:C/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	COMPLETE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CERT/CC: VU#936356 // CNVD: CNVD-2015-00446 // JVNDB: JVNDB-2015-001054 // CNNVD: CNNVD-201501-375 // NVD: CVE-2015-0924

PROBLEMTYPE DATA

problemtype:	CWE-255	Trust: 1.8
problemtype:	CWE-Other	Trust: 0.8

sources: JVNDB: JVNDB-2015-001054 // NVD: CVE-2015-0924

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201501-375

TYPE

trust management

Trust: 0.6

sources: CNNVD: CNNVD-201501-375

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-001054

EXPLOIT AVAILABILITY

sources: CERT/CC: VU#936356

PATCH

title:

FibeAirR IP-10C

url:

http://www.ceragon.com/products-ceragon/packet-hybrid-microwave/fibeair-ip-10c

Trust: 0.8

sources: JVNDB: JVNDB-2015-001054

EXTERNAL IDS

db:	CERT/CC	id:	VU#936356	Trust: 3.5
db:	NVD	id:	CVE-2015-0924	Trust: 3.3
db:	BID	id:	72107	Trust: 0.9
db:	JVN	id:	JVNVU93489463	Trust: 0.8
db:	JVNDB	id:	JVNDB-2015-001054	Trust: 0.8
db:	CNVD	id:	CNVD-2015-00446	Trust: 0.6
db:	CNNVD	id:	CNNVD-201501-375	Trust: 0.6

sources: CERT/CC: VU#936356 // CNVD: CNVD-2015-00446 // BID: 72107 // JVNDB: JVNDB-2015-001054 // CNNVD: CNNVD-201501-375 // NVD: CVE-2015-0924

REFERENCES

url:	http://www.kb.cert.org/vuls/id/936356	Trust: 2.7
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0924	Trust: 1.4
url:	http://cwe.mitre.org/data/definitions/255.html	Trust: 0.8
url:	http://www.ceragon.com/products-ceragon/packet-hybrid-microwave/fibeair-ip-10c	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0924	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu93489463/index.html	Trust: 0.8
url:	http://www.securityfocus.com/bid/72107	Trust: 0.6
url:	http://www.ceragon.com	Trust: 0.3

sources: CERT/CC: VU#936356 // CNVD: CNVD-2015-00446 // BID: 72107 // JVNDB: JVNDB-2015-001054 // CNNVD: CNNVD-201501-375 // NVD: CVE-2015-0924

CREDITS

Jasper Greve

Trust: 0.3

sources: BID: 72107

SOURCES

db:	CERT/CC	id:	VU#936356
db:	CNVD	id:	CNVD-2015-00446
db:	BID	id:	72107
db:	JVNDB	id:	JVNDB-2015-001054
db:	CNNVD	id:	CNNVD-201501-375
db:	NVD	id:	CVE-2015-0924

LAST UPDATE DATE

2025-04-13T23:26:47.381000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#936356	date:	2015-01-21T00:00:00
db:	CNVD	id:	CNVD-2015-00446	date:	2015-01-21T00:00:00
db:	BID	id:	72107	date:	2015-01-16T00:00:00
db:	JVNDB	id:	JVNDB-2015-001054	date:	2015-01-21T00:00:00
db:	CNNVD	id:	CNNVD-201501-375	date:	2015-01-30T00:00:00
db:	NVD	id:	CVE-2015-0924	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#936356	date:	2015-01-16T00:00:00
db:	CNVD	id:	CNVD-2015-00446	date:	2015-01-21T00:00:00
db:	BID	id:	72107	date:	2015-01-16T00:00:00
db:	JVNDB	id:	JVNDB-2015-001054	date:	2015-01-20T00:00:00
db:	CNNVD	id:	CNNVD-201501-375	date:	2015-01-19T00:00:00
db:	NVD	id:	CVE-2015-0924	date:	2015-01-17T11:59:06.127