Executive Summary

This vulnerability exists in H3C devices running firmware version NX15V100R015, where the root user account has no password set and the H3C user account uses a default password "admin." These insecure default credentials are stored in the /etc/shadow file. Attackers with network access can exploit these credentials to gain unauthorized root-level access to the device through the administrative interface or other network services.

Useful 0 Not Useful 0

Impact Analysis

If exploited, this vulnerability can allow attackers to gain unauthorized root-level access to the affected device, leading to privilege escalation, information disclosure, or arbitrary code execution. This can compromise the security and integrity of the device and potentially the entire network it is connected to.

Useful 0 Not Useful 0

Detection Guidance

You can detect this vulnerability by checking if H3C devices are running firmware version NX15V100R015 and verifying if the root user account has no password set and if the H3C user account uses the default password "admin". On the device, you can inspect the /etc/shadow file to see if these default credentials are present. Commands to check the /etc/shadow file include: `cat /etc/shadow` (requires appropriate permissions). Additionally, attempting to log in with the default credentials over the administrative interface or network services can help confirm the vulnerability.

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include changing the default passwords for the root and H3C user accounts to strong, unique passwords. Ensure that the root account has a secure password set and that the H3C user account does not use the default password "admin." Additionally, restrict network access to the administrative interface and other network services to trusted hosts only, and consider updating the firmware if a fixed version becomes available.

Useful 0 Not Useful 0