CVE-2025-27019
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-12-08
Last updated on: 2025-12-08
Assigner: ENISA
Description
Description
Remote shell service (RSH) in Infinera MTC-9 version R22.1.1.0275 allows
an attacker to utilize password-less user accounts and obtain
system access by activating a reverse shell.This issue affects MTC-9: from R22.1.1.0275 before R23.0.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| infinera | mtc-9 | r22.1.1.0275 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Remote Shell Service (RSH) of Infinera MTC-9 version R22.1.1.0275. It allows an attacker to exploit password-less user accounts to gain unauthorized system access by activating a reverse shell, effectively bypassing authentication controls.
How can this vulnerability impact me? :
An attacker exploiting this vulnerability can gain full system access without authentication, potentially leading to complete compromise of the affected system. This includes unauthorized data access, system manipulation, and disruption of services.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70