Vulnerability in AMX Harman Professional Devices Could Allow Unauthorized Remote Access
MS-ISAC ADVISORY NUMBER:2016-017
A vulnerability has been discovered in AMX Harman Professional devices that could allow full unauthorized remote access. AMX Harman Professional devices are audio-visual (AV) products focused on solving the complexity of managing technology with reliable, consistent and scalable systems comprising control and automation, system-wide switching and AV signal distribution, digital signage and technology management. Successful exploitation could grant the attacker full control over the impacted AMX device.
Even though the backdoor usernames are available on the Internet, there are currently no reports of the vulnerability being exploited in the wild.
- Large and medium government entities: HIGH
- Small government entities: HIGH
- Large and medium business entities: HIGH
- Small business entities: HIGH
A vulnerability has been discovered in AMX Harman Professional devices that could allow full unauthorized remote access. The vulnerability identified could provide an attacker with full control of a vulnerable AMX device. The usernames "1MB@tMaN" and “BlackWidow" were hard-coded in the firmware and allow for remote login in debug mode, granting the attacker access to tools not provided to administrators such as packet sniffing. AMX has released patches to fix the issue for some of the affected devices.
We recommend the following actions be taken:
Install the updates provided by AMX immediately after appropriate testing.
Verify no unauthorized system modifications have occurred before applying the patch.
Monitor logs for signs of access by either of these accounts.
Unless required, limit external network access to affected products.