Huawei OceanStor 5600 V300R003C00 SSH Key hard-coded credentials
A vulnerability was found in Huawei OceanStor 5600 V300R003C00. It has been declared as critical. This vulnerability affects unknown code of the component SSH Key. The manipulation leads to hard-coded credentials. Using CWE to declare the problem leads to CWE-798. The bug was discovered 10/20/2016. The weakness was released 04/02/2017 as sa-20161017-01 (Website). The advisory is shared for download at huawei.com.

This vulnerability was named CVE-2016-8754. The attack can be initiated remotely. There are no technical details available. There is no exploit available. The current price for an exploit might be approx. USD $0-$5k at the moment. The MITRE ATT&CK project declares the attack technique as T1110.001. It is declared as not defined. The vulnerability was handled as a non-public zero-day exploit for at least 164 days. As a 0-day, the estimated underground price was around $5k-$25k.

It is recommended to apply restrictive firewalling. A possible mitigation was published before, not after, the disclosure of the vulnerability. The vulnerability is also documented in other vulnerability databases: SecurityFocus (BID 93607).