all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

VU#142546: SMA Technologies OpCon UNIX agent adds the same SSH key to all installations

Add to bookmarks
June 21, 2022, 4:38 p.m. |

CERT Recently Published Vulnerability Notes kb.cert.org

Overview


SMA Technologies OpCon UNIX agent adds the same SSH key on every installation and subsequent updates. An attacker with access to the private key can gain root access on affected systems.


Description


During OpCon UNIX agent installation and updates, an SSH public key is added to the root account's authorized_keys file. The corresponding private key titled sma_id_rsa is included with the installation files and is not encrypted with a passphrase. Removal of the OpCon software does not remove the …

agent key sma ssh technologies unix

Visit resource

More from kb.cert.org / CERT Recently Published Vulnerability Notes

VU#253266: Keras 2 Lambda Layers Allow Arbitrary Code Injection in TensorFlow Models 1 week, 1 day ago | kb.cert.org
application arbitrary code attacker attackers +14
VU#123335: Multiple Programming Languages Fail to Escape Arguments Properly in Microsoft Windows 2 weeks ago | kb.cert.org
arbitrary code attackers cases code +15
VU#155143: Linux kernel on Intel systems is susceptible to Spectre v2 attacks 2 weeks, 1 day ago | kb.cert.org
architectures attacker attacks bhi +20
VU#421644: HTTP/2 CONTINUATION frames can be utilized for DoS attacks 3 weeks ago | kb.cert.org
attacks can dos fragments +6
VU#417980: UDP-based, application-layer protocol implementations are vulnerable to network loops 1 month ago | kb.cert.org
abuse application applications attacker +18
VU#488902: CPU hardware utilizing speculative execution may be vulnerable to speculative race conditions 1 month, 1 week ago | kb.cert.org
architectures attacker can conditions +13
VU#949046: Sceiner firmware locks and associated devices are vulnerable to encryption downgrade and arbitrary file … 1 month, 2 weeks ago | kb.cert.org
app attacks bluetooth called +11
VU#446598: GPU kernel implementations susceptible to memory leak 3 months, 1 week ago | kb.cert.org
access amd apple attacker +18
VU#302671: SMTP end-of-data uncertainty can be abused to spoof emails and bypass policies 3 months, 1 week ago | kb.cert.org
attacker bypass can data +17

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Information Systems Security Officer (ISSO) (Remote within HR Virginia area)

@ OneZero Solutions | Portsmouth, VA, USA
View on infosec-jobs.com

Security Analyst

@ UNDP | Tripoli (LBY), Libya
View on infosec-jobs.com

Senior Incident Response Consultant

@ Google | United Kingdom
View on infosec-jobs.com

Product Manager II, Threat Intelligence, Google Cloud

@ Google | Austin, TX, USA; Reston, VA, USA
View on infosec-jobs.com

Cloud Security Analyst

@ Cloud Peritus | Bengaluru, India
View on infosec-jobs.com
View more jobs