| CVE編號 | CVE-2015-8362、CVE-2016-1984 |
|---|---|
| 解決辦法 | •原廠發布安全更新連結,請參考使用版本進行更新 http://www.amx.com/techcenter/ |
| 張貼日 | 2016-02-19 |
| 上稿單位 | TWCERT/CC |
•AMX為一個網路媒體集團,自動化控制系統製造商,提供使用者各種智慧控制與高階控制整合方案。
•本次安全更新修復了multimedia devices之安全漏洞,部分漏洞可能是由於設備內包含了一個hard-coded密碼,讓有心的駭客可以輕易取得設備密碼,提升帳戶權限,進而達到特殊目的。
•編註:成功利用此弱點的攻擊者可以提升使用者權限。攻擊者接下來將能安裝程式,檢視、變更或刪除資料,或建立具有完整使用者權限的新帳戶。
影響產品:
The following AMX multimedia devices are affected by vulnerability CVE-2015-8362: NX-1200, NX-2200, NX-3200, NX-4200 NetLinx Controller, versions prior to Version 1.4.65, Massio ControlPads MCP-10x, versions prior to Version 1.4.65, Enova DVX-x2xx, versions prior to Version 1.4.65, DVX-31xxHD-SP (-T), versions prior Version 4.8.331, DVX-21xxHD-SP (-T), versions prior Version 4.8.331, DVX-2100HD-SP-T Master, versions prior to Version 4.1.420 (Hotfix firmware version), Enova DGX 100 NX Series Master, versions prior to Version 1.4.72 (Hotfix firmware version), Enova DGX 8/16/32/64 NX Series Master, versions prior to Version 1.4.72 (Hotfix firmware version), Enova DGX 8/16/32/64 NI Series Master, versions prior to Version 4.2.397 (Hotfix firmware version), NI-700, NI-900 Master Controllers (64M RAM), versions prior to Version 4.1.419, NI-700, NI-900 Master Controllers (32M RAM), versions prior to Version 3.60.456 (Hotfix firmware version), NI-2100, NI-3100, NI-4100, NI-2100 with ICSNet, NI-3100 with ICSNet, NI-3100/256, NI-3100/256 with ICSNet, NI-4100/256, versions prior to Version 4.1.419, NI-3101-SIG Master Controller, versions prior to Version 4.1.419, NI-2000, NI-3000, NI-4000, versions prior to Version 3.60.456 (Hotfix firmware version), and ME260/64 Duet, versions prior to Version 3.60.456 (Hotfix firmware version). The following AMX multimedia devices are affected by vulnerability CVE-2016-1984: NX-1200, NX-2200, NX-3200, NX-4200 NetLinx Controller, Version 1.4.65 and Version 1.4.66 (Hotfix firmware version), Massio ControlPads MCP-10x, Version 1.4.65 and Version 1.4.66 (Hotfix firmware version), Enova DVX-x2xx, Version 1.4.65 and Version 1.4.72 (Hotfix firmware version), Enova DGX 100 NX Series Master, Version 1.4.72 (Hotfix firmware version), and Enova DGX 8/16/32/64 NX Series Master, Version 1.4.72 (Hotfix firmware version).