Hardcoded Password Vulnerability Affects H3C Magic B1ST v100R012
CVE-2024-42638

9.8CRITICAL

Key Information:

Vendor: H3C
Status: Magic B1st Firmware
Vendor: CVE Published:; 16 August 2024

What is CVE-2024-42638?

A security flaw has been identified in the H3C Magic B1ST v100R012 relating to hardcoded passwords within the system files. This vulnerability resides in the /etc/shadow file, which allows attackers to exploit the weak security measures in place and gain root access. The presence of a hardcoded password poses significant risks, enabling unauthorized individuals to manipulate system settings, access sensitive data, and compromise overall system integrity. Organizations using H3C Magic B1ST must prioritize implementing measures to protect their environments against potential exploits stemming from this issue.

References

https://palm-vertebra-fe9.notion.site/H3C-Magic-B1STV100R...

https://www.h3c.com/cn/d_201609/956059_30005_0.htm

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 16, 2024