radmin in eSeSIX Thintune thin clients running firmware 2.4.38 and earlier starts a process port 25072 that can be accessed with a default "jstwo" password, which allows remote attackers to gain access.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| esesix | thintune_mobile | 2.4.38 |
| esesix | thintune_xs | 2.4.38 |
| esesix | thintune_xm | 2.4.38 |
| esesix | thintune_m | 2.4.38 |
| esesix | thintune_extreme | 2.4.38 |
| esesix | thintune_s | 2.4.38 |
| esesix | thintune_l | 2.4.38 |
eSeSIX Thintune thin clients running firmware 2.4.38 and earlier store sensitive usernames and passwords in cleartext in configuration files for the keeper library, which allows attackers to gain access.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| esesix | thintune_mobile | 2.4.38 |
| esesix | thintune_xs | 2.4.38 |
| esesix | thintune_xm | 2.4.38 |
| esesix | thintune_m | 2.4.38 |
| esesix | thintune_extreme | 2.4.38 |
| esesix | thintune_s | 2.4.38 |
| esesix | thintune_l | 2.4.38 |
eSeSIX Thintune thin clients running firmware 2.4.38 and earlier allow local users to gain privileges by pressing CTRL-SHIFT-ALT-DEL and entering the "maertsJ" password, which is hard-coded into lshell.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| esesix | thintune_mobile | 2.4.38 |
| esesix | thintune_xs | 2.4.38 |
| esesix | thintune_xm | 2.4.38 |
| esesix | thintune_m | 2.4.38 |
| esesix | thintune_extreme | 2.4.38 |
| esesix | thintune_s | 2.4.38 |
| esesix | thintune_l | 2.4.38 |
The Phoenix browser in eSeSIX Thintune thin clients running firmware 2.4.38 and earlier allows local users to read arbitrary files via a file:/// URL.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| esesix | thintune_l | 2.4.38_firmware |
| esesix | thintune_xs | 2.4.38_firmware |
| esesix | thintune_s | 2.4.38_firmware |
| esesix | thintune_xm | 2.4.38_firmware |
| esesix | thintune_extreme | 2.4.38_firmware |
| esesix | thintune_m | 2.4.38_firmware |
| esesix | thintune_mobile | 2.4.38_firmware |
eSeSIX Thintune thin clients running firmware 2.4.38 and earlier accept any password that begins with the actual password, which makes it easier for users to conduct brute force password guessing.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| esesix | thintune | * |