ICSA-13-038-01A · Published 2025-06-06
360 Systems Image Server 2000 Series Remote Root Access
CVSS 10.0 (CRITICAL)
CVEs (1)
Remediations
- 360 Systems has not produced a patch, new version, or firmware upgrade that removes the hardcoded password or root user account. The vendor recommends that these devices be placed on closed, nonpublic-facing networks. The vendor further recommends the use of properly configured firewalls to restrict access to only necessary ports and the use of Virtual Private Networks if access is required. For more information on proper setup of this device, users may contact 360 Systems’ customer service department.
- The operations manual for each of these devices states: "The server is designed to be used in a private dedicated video network. A firewall must be used in systems that require internal security or connection to public networks. Consult with a network security specialist for guidance on the best hardware, programming and practices for your facility’s requirements."
Affected Vendors
360 Systems
Affected Products (3)
- 360 Systems · Image Server 2000 · vers:all/*
- 360 Systems · Image Server Maxx · vers:all/*
- 360 Systems · Maxx · vers:all/*