Description
radmin in eSeSIX Thintune thin clients running firmware 2.4.38 and earlier starts a process port 25072 that can be accessed with a default "jstwo" password, which allows remote attackers to gain access.
Product(s):
- Esesix ThinTune Extreme 2.4.38
- Esesix ThinTune L 2.4.38
- Esesix ThinTune M 2.4.38
- Esesix ThinTune Mobile 2.4.38
- Esesix ThinTune S 2.4.38
- Esesix ThinTune XM 2.4.38
- Esesix ThinTune XS 2.4.38
Question to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2004-2048, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2004-2048 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.