Detections
Analytics

Multiple Vendors EAS Authentication Bypass

critical Nessus Plugin ID 69471

Language:

Synopsis

The remote host is affected by an authentication bypass vulnerability.

Description

The remote EAS device permits root login using an SSH key with a publicly available private key. The private key was included in older copies of Monroe Electronics and Digital Alert Systems firmware.
A remote attacker with access to the private key can bypass authentication of the root user.

Solution

Update to firmware version 2.0-2 or higher.

See Also

https://www.kb.cert.org/vuls/id/662676/

http://www.nessus.org/u?637f824e

http://www.nessus.org/u?fbb8fb12

Plugin Details

Severity: Critical

ID: 69471

File Name: eas_default_key.nasl

Version: 1.12

Type: local

Family: Misc.

Published: 8/19/2013

Updated: 7/24/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2013-0137

Vulnerability Information

CPE: cpe:/h:digital_alert_systems:dasdec_eas, cpe:/h:monroe_electronics:r189_one-net_eas

Required KB Items: Host/local_checks_enabled

Exploit Ease: No known exploits are available

Patch Publication Date: 4/24/2013

Vulnerability Publication Date: 6/26/2013

Reference Information

CVE: CVE-2013-0137

BID: 60810

CERT: 662676