
Vulnerability in AMX Harman Professional Devices Could Allow Unauthorized Remote Access

MS-ISAC ADVISORY NUMBER:

2016-017

DATE(S) ISSUED:

01/25/2016

OVERVIEW:

A vulnerability has been discovered in AMX Harman Professional devices that could allow full unauthorized remote access. AMX Harman Professional devices are audio-visual (AV) products focused on solving the complexity of managing technology with reliable, consistent and scalable systems comprising control and automation, system-wide switching and AV signal distribution, digital signage and technology management. Successful exploitation could grant the attacker full control over the impacted AMX device.

THREAT INTELLIGENCE:

Even though the backdoor usernames are available on the Internet, there are currently no reports of the vulnerability being exploited in the wild.

RISK:

Government:
  • Large and medium government entities: HIGH
  • Small government entities: HIGH
Businesses:
  • Large and medium business entities: HIGH
  • Small business entities: HIGH
Home Users:
N/A

TECHNICAL SUMMARY:

A vulnerability has been discovered in AMX Harman Professional devices that could allow full unauthorized remote access. The vulnerability identified could provide an attacker with full control of a vulnerable AMX device. The usernames "1MB@tMaN" and "BlackWidow" were hard-coded in the firmware and allow for remote login in debug mode, granting the attacker access to tools not provided to administrators such as packet sniffing. AMX has released patches to fix the issue for some of the affected devices.

RECOMMENDATIONS:

We recommend the following actions be taken:

  • Install the updates provided by AMX immediately after appropriate testing.
  • Verify no unauthorized system modifications have occurred before applying the patch.
  • Monitor logs for signs of access by either of these accounts.
  • Unless required, limit external network access to affected products.
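
For the log-monitoring recommendation, the following added example (not part of the advisory and not AMX or MS-ISAC code) scans collected log lines for the two hard-coded usernames and groups hits by source address. The log lines, host names and syslog-style format are constructed; the advisory does not specify how affected devices record logins.

```python
import re
from collections import defaultdict

# Hard-coded usernames named in the advisory's technical summary.
BACKDOOR_USERS = ("1MB@tMaN", "BlackWidow")

# Match a username only as a whole token, so "blackwidow2" or an e-mail
# address that merely starts with the string is not reported. Matching is
# case-insensitive by choice (an assumption): attempts with altered case
# are still worth a look.
_USER_RE = re.compile(
    r"(?<![\w@])(" + "|".join(re.escape(u) for u in BACKDOOR_USERS) + r")(?![\w@])",
    re.IGNORECASE,
)
_IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def find_backdoor_logins(lines):
    """Return {username: {source_ip or 'unknown': [line numbers]}}."""
    canonical = {u.lower(): u for u in BACKDOOR_USERS}
    hits = defaultdict(lambda: defaultdict(list))
    for lineno, line in enumerate(lines, start=1):
        for match in _USER_RE.finditer(line):
            user = canonical[match.group(1).lower()]
            ip = _IP_RE.search(line)  # first IPv4 address on the line, if any
            hits[user][ip.group(0) if ip else "unknown"].append(lineno)
    return {user: dict(sources) for user, sources in hits.items()}


# Constructed sample input (hypothetical hosts, documentation-range addresses).
SAMPLE_LOG = """\
Jan 26 09:14:02 av-ctrl-01 sshd[812]: Accepted password for admin from 10.20.0.15 port 50122
Jan 26 09:31:47 av-ctrl-01 sshd[845]: Accepted password for BlackWidow from 203.0.113.77 port 41890
Jan 26 09:32:10 av-ctrl-01 telnetd[850]: login user=1MB@tMaN src=203.0.113.77
Jan 26 10:02:33 av-ctrl-02 sshd[411]: Failed password for blackwidow2 from 10.20.0.99 port 38211
Jan 26 10:05:00 av-ctrl-02 telnetd[420]: login user=1mb@tman
""".splitlines()

if __name__ == "__main__":
    for user, sources in find_backdoor_logins(SAMPLE_LOG).items():
        for src, linenos in sources.items():
            print(f"ALERT account={user} source={src} lines={linenos}")
```

Any hit warrants review, since neither account is one an administrator would have created.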
