CVE-2012-4702

360 Systems Maxx, Image Server Maxx, and Image Server 2000 have a hardcoded password for the root account, which makes it easier for remote attackers to execute arbitrary code, or modify video content or scheduling, via an SSH session.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://ics-cert.us-cert.gov/pdf/ICSA-13-038-01A.pdf	US Government Resource
http://ics-cert.us-cert.gov/pdf/ICSA-13-038-01A.pdf	US Government Resource

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:360systems:image_server_2000:-:::::::*
	cpe:2.3:o:360systems:image_server_maxx:-:::::::*
	cpe:2.3:o:360systems:maxx:-:::::::*

History

No history.

Information

Published : 2013-03-11 17:55

Updated : 2025-04-11 00:51

NVD link : CVE-2012-4702

Mitre link : CVE-2012-4702

CVE.ORG link : CVE-2012-4702

JSON object : View

Products Affected

360systems

maxx
image_server_maxx
image_server_2000

CWE

CWE-255

Credentials Management Errors

{"id": "CVE-2012-4702", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-03-11T17:55:01.793", "references": [{"url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-038-01A.pdf", "tags": ["US Government Resource"], "source": "ics-cert@hq.dhs.gov"}, {"url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-038-01A.pdf", "tags": ["US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-255"}]}], "descriptions": [{"lang": "en", "value": "360 Systems Maxx, Image Server Maxx, and Image Server 2000 have a hardcoded password for the root account, which makes it easier for remote attackers to execute arbitrary code, or modify video content or scheduling, via an SSH session."}, {"lang": "es", "value": "360 Systems Maxx, Image Server Maxx, y el Image Server 2000 tiene una contrase\u00f1a codificada para la cuenta de root, lo que hace que sea m\u00e1s f\u00e1cil para los atacantes remotos ejecutar c\u00f3digo arbitrario o modificar el contenido de v\u00eddeo o la programaci\u00f3n, a trav\u00e9s de una sesi\u00f3n SSH."}], "lastModified": "2025-04-11T00:51:21.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:360systems:image_server_2000:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3C68DD2F-EC97-4C8A-A650-A75F6D650519"}, {"criteria": "cpe:2.3:o:360systems:image_server_maxx:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "93ADDFCF-6422-4232-80CF-AB608E171056"}, {"criteria": "cpe:2.3:o:360systems:maxx:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D606C55-B5C8-4BC7-B12A-09D207C9A13C"}], "operator": "OR"}]}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}