Educause Security Discussion mailing list archives
BlackBox iCompel, and ONELAN NTB Units Security issue (CVE 2019-15497)
From: Frank Barton <bartonf () HUSSON EDU>
Date: Fri, 23 Aug 2019 08:25:24 -0400
Please forgive the cross-posting, but I wanted to let folks know about a security issue with the BlackBox iCompel and ONELAN Net-Top-Box systems. (The systems share the same code-base.)

In May of this year, I discovered that the units all ship with identical default usernames and password, including for the 'root' user that is accessible over SSH.

After disclosing this to the vendors, and discussing it with their development team, today I have posted disclosure of this as CVE 2019-15497.

Details can be found at https://experiencesofasysadmin.wordpress.com/2019/08/23/cve-2019-15497-default-credentials/

The long and the short of it is: if you have these units, make sure that you have changed all of the passwords, and you should probably also keep them off the internet, and segmented away from your normal network.

Thank You
Frank

--
Frank Barton, MBA
Security+, ACMT, MCP
IT Systems Administrator
Husson University