MidnightBSD

Advisories for nexans

CVE-2022-32985

libnx_apl.so on Nexans FTTO GigaSwitch before 6.02N and 7.x before 7.02 implements a Backdoor Account for SSH logins on port 50200 or 50201.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
nexans gigaswitch_641_desk_v5_sfp-vi_firmware *
nexans gigaswitch_v5_2tp(pd-f+)_sfp-vi_54vdc_firmware *
nexans gigaswitch_v5_tp(pse+)_sfp-2vi_54vdc_firmware *
nexans gigaswitch_v5_tp_sfp-2vi_54vdc_med_firmware *
nexans gigaswitch_v5_tp(pse+)_sfp-2vi_54vdc_med_firmware *
nexans gigaswitch_v5_2tp(pse+)_sfp-vi_54vdc_firmware *
nexans gigaswitch_v5_2tp_sfp-vi_54vdc_firmware *
nexans gigaswitch_v5_tp_sfp-2vi_54vdc_firmware *
nexans gigaswitch_v5_tp_sfp-vi_230vac_firmware *
nexans gigaswitch_642_desk_v5_sfp-2vi_firmware *
nexans gigaswitch_v5_sfp-2vi_230vac_firmware *
nexans gigaswitch_v5_tp_sfp-2vi_54vdc_ind_firmware *
nexans gigaswitch_v5_tp(pse+)_sfp-2vi_54vdc_ind_firmware *