CertccCVE-2015-0932CVE-2015-0932
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
89.6%
The ANTlabs InnGate firmware on IG 3100, IG 3101, InnGate 3.00 E, InnGate 3.01 E, InnGate 3.02 E, InnGate 3.10 E, InnGate 3.01 G, and InnGate 3.10 G devices does not require authentication for rsync sessions, which allows remote attackers to read or write to arbitrary files via TCP traffic on port 873.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| antlabs | inngate_ig_3.00_e | * | cpe:2.3:h:antlabs:inngate_ig_3.00_e:*:*:*:*:*:*:*:* |
| antlabs | inngate_ig_3.01_e | * | cpe:2.3:h:antlabs:inngate_ig_3.01_e:*:*:*:*:*:*:*:* |
| antlabs | inngate_ig_3.02_e | * | cpe:2.3:h:antlabs:inngate_ig_3.02_e:*:*:*:*:*:*:*:* |
| antlabs | inngate_ig_3.10_e | * | cpe:2.3:h:antlabs:inngate_ig_3.10_e:*:*:*:*:*:*:*:* |
| antlabs | inngate_ig_3.10_g | * | cpe:2.3:h:antlabs:inngate_ig_3.10_g:*:*:*:*:*:*:*:* |
| antlabs | inngate_ig_3100 | * | cpe:2.3:h:antlabs:inngate_ig_3100:*:*:*:*:*:*:*:* |
| antlabs | inngate_ig_3101 | * | cpe:2.3:h:antlabs:inngate_ig_3101:*:*:*:*:*:*:*:* |
References
blog.cylance.com/spear-team-cve-2015-0932
www.antlabs.com/index.php?option=com_content&view=article&id=195:rsync-remote-file-system-access-vulnerability-cve-2015-0932&catid=54:advisories&Itemid=133
www.kb.cert.org/vuls/id/930956
www.wired.com/2015/03/big-vulnerability-hotel-wi-fi-router-puts-guests-risk/
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
89.6%