{"vuid":"VU#446403","idnumber":"446403","name":"AirSpan Base Station Distribution Unit default root password","keywords":["AirSpan","remote access","root privileges","BSDU"],"overview":"AirSpan Base Station Distribution Units may contain an undocumented telnet server that authenticates via a known default password and is enabled by default.","clean_desc":"From the AirSpan MicroMax product page: The base station is highly modular in design and is composed of two main components: the all outdoor Base Station Radios (BSR) and the indoor Base Station Distribution Unit (BSDU). Each base station could contain up to 12 BSRs, depending on the amount of available spectrum. Each BSR is connected to the BSDU via a 100BaseT interface operating over a Cat5 cable which carries both data and power. Per  the AirSpan WiMAX MicroMAX vulnerability report site: AirSpan BSDU has a serious security hole, which allows anyone to get remote access to device with root privileges using undocumented telnet access that is on by default. This is possible because all BSDUs share the same root password","impact":"A remote, unauthenticated attacker may be able to log in to an affected device as the root user.","resolution":"Change the default password Change the default password on affected devices. See AirSpan Product Bulletin PB/ASM/2008/015 Rev A for more information.","workarounds":"Restrict access Restrict access to the web telnet interface to trusted networks. If possible, configure management and transit networks for separate VLANs, or restrict access to the device using IP access lists.","sysaffected":"","thanks":"Information in this report was provided by the \nAirSpan WiMAX MicroMAX\n website.","author":"This document was written by Ryan Giobbi.","public":["http://www.sharemethods.net/nepal/servlet/open?keeppath=false&aid=30263","http://www.airspan.com/products_sub_micromax.htm","http://airspan4wimax.googlepages.com/","http://grouper.ieee.org/groups/802/16/","http://en.wikipedia.org/wiki/WiMAX"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2008-03-18T18:22:53Z","publicdate":"2008-03-18T00:00:00Z","datefirstpublished":"2008-03-21T15:32:56Z","dateupdated":"2008-04-01T15:16:41Z","revision":15,"vrda_d1_directreport":"1","vrda_d1_population":"2","vrda_d1_impact":"4","cam_widelyknown":"20","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"1","cam_impact":"10","cam_easeofexploitation":"10","cam_attackeraccessrequired":"20","cam_scorecurrent":"0.75","cam_scorecurrentwidelyknown":"0.75","cam_scorecurrentwidelyknownexploited":"1.5","ipprotocol":"tcp","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":0.75,"vulnote":null}