Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Improper Management of Cryptographic Keys in the Maintenance Server in QCOW Air-Gapped Distribution (China Edition)
Vulnerability Description
Maintenance Server, in Cybellum's QCOW air-gapped distribution (China Edition), versions 2.15.5 through 2.27, was compiled with a hard-coded private cryptographic key. An attacker with administrative privileges & access to the air-gapped server could potentially use this key to run commands on the server. The issue was resolved in version 2.28. Earlier versions, including all Cybellum 1.x versions, and distributions for the rest of the world remain unaffected.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
Vulnerability Type
N/A
Vulnerability Title
Cybellum 安全漏洞
Vulnerability Description
Cybellum是Cybellum公司的一款嵌入式系统网络安全检测和管理平台。 Cybellum QCOW air-gapped distribution 2.15.5 到 2.27版本存在安全漏洞,该漏洞源于使用私有密钥编译硬编码,具有管理权限和访问服务器的攻击者可能会使用此密钥在服务器上运行命令。
CVSS Information
N/A
Vulnerability Type
N/A