Opengear console servers with firmware before 2.2.1 allow remote attackers to bypass authentication, and modify settings or access connected equipment, via unspecified vectors.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opengear | acm5000_console_server | * |
| opengear | opengear_console_server_firmware | 2.0.8 |
| opengear | kcs6000_rackside_console_server | * |
| opengear | img4000_console_server | * |
| opengear | opengear_console_server_firmware | * |
| opengear | opengear_console_server_firmware | 2.0.4u1 |
| opengear | cm4000_console_server | * |
| opengear | opengear_console_server_firmware | 2.1.0 |
| opengear | opengear_console_server_firmware | 2.0.9 |
| opengear | im4004-5_console_server | * |
| opengear | opengear_console_server_firmware | 2.0.6 |
| opengear | opengear_console_server_firmware | 2.0.4 |
| opengear | im4200_console_server | * |
| opengear | opengear_console_server_firmware | 2.1.0u1 |
Opengear console server firmware releases prior to 4.5.0 have a stored XSS vulnerability related to serial port logging. If a malicious user of an external system (connected to a serial port on an Opengear console server) sends crafted text to a serial port (that has logging enabled), the text will be replayed when the logs are viewed. Exploiting this vulnerability requires access to the serial port and/or console server.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opengear | opengear | * |