Today, Rapid7 is disclosing a vulnerability discovered by James “egyp7” Lee of Rapid7 that affects ExaGrid storage devices running firmware prior to version 4.8 P26. James discovered that an attacker can exploit these issues with common client tools: an SSH terminal client and a web browser. All that is needed are the default credentials and the ability to connect to the device over a network.
Since ExaGrid was alerted to these vulnerabilities, the issues have been fixed. A statement from Bill Andrews, CEO of ExaGrid, about the disclosure is below:
“ExaGrid prides itself on meeting customer requirements,” said Bill Andrews, CEO of ExaGrid. “Security is without question a top priority, and we take any such issues very seriously. When we were informed by Rapid7 of a potential security weakness, we addressed it immediately. We value Rapid7’s involvement in identifying security risks since strong security will always be a key customer requirement.”
For your reference, more information about this disclosure can be found here: https://community.rapid7.com/community/infosec/blog/2016/04/07/r7-2016-04-exagrid-backdoor-ssh-keys-and-hardcoded-credentials