{
  "vuid": "VU#992624",
  "idnumber": "992624",
  "name": "Harman AMX multimedia devices contain hard-coded credentials",
  "keywords": ["hard-coded", "credentials", "backdoor"],
  "overview": "Multiple models of Harman AMX multimedia devices contain a hard-coded debug account.",
  "clean_desc": "CWE-798: Use of Hard-coded Credentials - CVE-2015-8362\nAccording to the researchers' blog post, several models of Harman AMX multimedia devices contain a hard-coded \"backdoor\" account with administrative permissions. Further details are available in the researchers' vulnerability advisory. AMX firmware release notes indicate this was a debugging account left in the released firmware.\nThe following software versions of the AMX NX-1200 have been reported to be vulnerable: v1.2.322\nv1.3.100\nAffected devices include but are not limited to: AMX NX-1200\nAMX DGX16-ENC (Digital Media Switchers)\nAMX DGX32-ENC-A (Digital Media Switchers)\nAMX DGX64-ENC (Digital Media Switchers)\nAMX DGX8-ENC (Digital Media Switchers)\nAMX DVX-2100HD (All-In-One Presentation Switchers)\nAMX DVX-2210HD (All-In-One Presentation Switchers)\nAMX DVX-2250HD (All-In-One Presentation Switchers)\nAMX DVX-2255HD (All-In-One Presentation Switchers)\nAMX DVX-3250HD (All-In-One Presentation Switchers)\nAMX DVX-3255HD (All-In-One Presentation Switchers)\nAMX DVX-3256HD (All-In-One Presentation Switchers)\nAMX ENOVADGX64-ENC (Digital Media Switchers)\nAMX MCP-106 (ControlPads)\nAMX MCP-108 (ControlPads)\nAMX NI-2000 (Central Controllers)\nAMX NI-2100 (Central Controllers)\nAMX NI-3000 (Central Controllers)\nAMX NI-3100 (Central Controllers)\nAMX NI-3101-SIG (Central Controllers)\nAMX NI-4000 (Central Controllers)\nAMX NI-4100 (Central Controllers)\nAMX NI-700 (Central Controllers)\nAMX NI-900 (Central Controllers)\nAMX NX-1200 (Central Controllers)\nAMX NX-2200 (Central Controllers)\nAMX NX-3200 (Central Controllers)\nAMX NX-4200 (Central Controllers)\nAMX NXC-ME260-64 (Central Controllers)\nAMX NXC-MPE (Central Controllers)\nAMX NetLinx NX Integrated Controller (Media)",
  "impact": "An attacker with knowledge of the account credentials can obtain administrative access on the device.",
  "resolution": "Apply an update\nAMX has released an update for some devices. Affected users are encouraged to contact Harman's support line for more information on obtaining the update.",
  "workarounds": "Restrict network access\nUse a firewall or similar technology to restrict access to trusted hosts, networks, and services. Consider operating AMX devices on a separate network segment or VLAN. AMX devices support SSH, HTTP, possibly HTTPS, ICSP, and possibly other services.",
  "sysaffected": "",
  "thanks": "Thanks to Johannes Greil of SEC Consult for reporting this vulnerability.",
  "author": "This document was written by Garret Wassermann.",
  "public": [
    "http://blog.sec-consult.com/2016/01/deliberately-hidden-backdoor-account-in.html",
    "http://www.amx.com/techcenter/NXSecurityBrief/",
    "http://www.amx.com/techcenter/firmware.asp?Category=Hot%20Fix%20Files",
    "http://seclists.org/fulldisclosure/2016/Jan/63",
    "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160121-0_AMX_Deliberately_hidden_backdoor_account_v10.txt",
    "http://www.amx.com/assets/whitePapers/AMX.AVIT.Administrators.Guide.pdf"
  ],
  "cveids": ["CVE-2015-8362"],
  "certadvisory": "",
  "uscerttechnicalalert": null,
  "datecreated": "2016-01-19T13:05:42Z",
  "publicdate": "2016-01-21T00:00:00Z",
  "datefirstpublished": "2016-01-21T20:15:21Z",
  "dateupdated": "2016-01-27T23:50:05Z",
  "revision": 41,
  "vrda_d1_directreport": "1",
  "vrda_d1_population": "2",
  "vrda_d1_impact": "2",
  "cam_widelyknown": "0",
  "cam_exploitation": "0",
  "cam_internetinfrastructure": "0",
  "cam_population": "0",
  "cam_impact": "0",
  "cam_easeofexploitation": "0",
  "cam_attackeraccessrequired": "0",
  "cam_scorecurrent": "0",
  "cam_scorecurrentwidelyknown": "0",
  "cam_scorecurrentwidelyknownexploited": "0",
  "ipprotocol": "",
  "cvss_accessvector": "N",
  "cvss_accesscomplexity": "L",
  "cvss_authentication": null,
  "cvss_confidentialityimpact": "C",
  "cvss_integrityimpact": "C",
  "cvss_availabilityimpact": "C",
  "cvss_exploitablity": null,
  "cvss_remediationlevel": "OF",
  "cvss_reportconfidence": "C",
  "cvss_collateraldamagepotential": "ND",
  "cvss_targetdistribution": "M",
  "cvss_securityrequirementscr": "ND",
  "cvss_securityrequirementsir": "ND",
  "cvss_securityrequirementsar": "ND",
  "cvss_basescore": "10",
  "cvss_basevector": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
  "cvss_temporalscore": "7.8",
  "cvss_environmentalscore": "5.86926702432",
  "cvss_environmentalvector": "CDP:ND/TD:M/CR:ND/IR:ND/AR:ND",
  "metric": 0.0,
  "vulnote": null
}
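The cvss_* fields of the record above can be checked against each other. What follows is an added example, not part of the CERT/CC record or of any AMX or SEC Consult material: it reimplements the CVSS v2.0 base, temporal and environmental equations and recomputes the three scores from cvss_basevector, cvss_remediationlevel, cvss_reportconfidence and cvss_environmentalvector. One assumption is labeled in the code: cvss_exploitablity is null in the record, but E:POC (weight 0.9) is the only exploitability value that yields the recorded temporal score of 7.8 together with RL:OF and RC:C (E:ND would give 8.7), so the example assumes it. The example also shows why the raw environmental score is 5.86926702432 and not 5.8696...: the environmental path applies the specification's min(10, AdjustedImpact) cap, which the base-score path does not.

```python
"""Recompute the CVSS v2.0 scores carried in the VU#992624 record.

Added example; not code from the CERT/CC record.  The E:POC temporal factor
is an inferred assumption (see check_record), since cvss_exploitablity is
null in the record.
"""

# CVSS v2.0 metric weights from the specification.
AV = {"L": 0.395, "A": 0.646, "N": 1.0}
AC = {"H": 0.35, "M": 0.61, "L": 0.71}
AU = {"M": 0.45, "S": 0.56, "N": 0.704}
CIA = {"N": 0.0, "P": 0.275, "C": 0.660}
E = {"U": 0.85, "POC": 0.9, "F": 0.95, "H": 1.0, "ND": 1.0}
RL = {"OF": 0.87, "TF": 0.90, "W": 0.95, "U": 1.0, "ND": 1.0}
RC = {"UC": 0.90, "UR": 0.95, "C": 1.0, "ND": 1.0}
CDP = {"N": 0.0, "L": 0.1, "LM": 0.3, "MH": 0.4, "H": 0.5, "ND": 0.0}
TD = {"N": 0.0, "L": 0.25, "M": 0.75, "H": 1.0, "ND": 1.0}
REQ = {"L": 0.5, "M": 1.0, "H": 1.51, "ND": 1.0}

# The cvss_* fields exactly as they appear in the record above.
RECORD = {
    "cvss_basevector": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
    "cvss_remediationlevel": "OF",
    "cvss_reportconfidence": "C",
    "cvss_environmentalvector": "CDP:ND/TD:M/CR:ND/IR:ND/AR:ND",
    "cvss_basescore": "10",
    "cvss_temporalscore": "7.8",
    "cvss_environmentalscore": "5.86926702432",
}


def parse_vector(vector):
    """'AV:N/AC:L/Au:N/C:C/I:C/A:C' -> {'AV': 'N', 'AC': 'L', 'Au': 'N', ...}"""
    return dict(part.split(":", 1) for part in vector.split("/"))


def impact(m, cr=1.0, ir=1.0, ar=1.0, cap=False):
    """Base Impact is uncapped; environmental AdjustedImpact is min(10, ...)."""
    raw = 10.41 * (1 - (1 - CIA[m["C"]] * cr) * (1 - CIA[m["I"]] * ir) * (1 - CIA[m["A"]] * ar))
    return min(10.0, raw) if cap else raw


def exploitability(m):
    return 20 * AV[m["AV"]] * AC[m["AC"]] * AU[m["Au"]]


def base_from(imp, expl):
    f = 1.176 if imp else 0.0  # f(Impact) = 0 when Impact = 0
    return (0.6 * imp + 0.4 * expl - 1.5) * f


def temporal_from(base, e="ND", rl="ND", rc="ND"):
    return base * E[e] * RL[rl] * RC[rc]


def cvss2(base_vector, env_vector="", e="ND", rl="ND", rc="ND"):
    """Return base/temporal/environmental scores (1 decimal) plus the raw environmental value."""
    m = parse_vector(base_vector)
    env = parse_vector(env_vector) if env_vector else {}
    base = base_from(impact(m), exploitability(m))
    temporal = temporal_from(base, e, rl, rc)
    cr, ir, ar = (REQ[env.get(k, "ND")] for k in ("CR", "IR", "AR"))
    # AdjustedTemporal reruns the base equation with the capped AdjustedImpact.
    adj_temporal = temporal_from(
        base_from(impact(m, cr, ir, ar, cap=True), exploitability(m)), e, rl, rc)
    cdp, td = CDP[env.get("CDP", "ND")], TD[env.get("TD", "ND")]
    environmental = (adj_temporal + (10 - adj_temporal) * cdp) * td
    return {"base": round(base, 1), "temporal": round(temporal, 1),
            "environmental": round(environmental, 1), "environmental_raw": environmental}


def check_record(rec, assumed_e="POC"):
    """Recompute the record's scores; return (computed, list of mismatching fields).

    assumed_e is an assumption: the record leaves cvss_exploitablity null, and
    only E:POC reproduces its temporal score of 7.8.
    """
    got = cvss2(rec["cvss_basevector"], rec["cvss_environmentalvector"], e=assumed_e,
                rl=rec["cvss_remediationlevel"], rc=rec["cvss_reportconfidence"])
    expected = {"base": float(rec["cvss_basescore"]),
                "temporal": float(rec["cvss_temporalscore"]),
                "environmental": round(float(rec["cvss_environmentalscore"]), 1)}
    return got, [k for k in expected if got[k] != expected[k]]


if __name__ == "__main__":
    computed, bad = check_record(RECORD)
    print(computed, "mismatches:", bad)
```

Running the module prints the recomputed scores and an empty mismatch list; calling `cvss2(RECORD["cvss_basevector"], rl="OF", rc="C")` without the assumed E:POC gives a temporal score of 8.7, which is how the assumption was inferred.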