Description
Infoblox NetMRI before 6.8.5 has a default password of admin for the "root" MySQL database account, which makes it easier for local users to obtain access via unspecified vectors.
References (7)
Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/68473
Exploit x_refsource_misc
http://packetstormsecurity.com/files/127410/Infoblox-6.8.4.x-Weak-MySQL-Password.html
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/532710/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1030542
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/94450
Various Sources x_refsource_misc
https://github.com/depthsecurity/NetMRI-2014-3418
Exploit x_refsource_misc
http://blog.depthsecurity.com/2014/07/os-command-injection-in-infoblox-netmri.html
Scores
EPSS
0.0007
EPSS Percentile
20.3%
Details
CWE
CWE-255
Status
published
Products (6)
infoblox/netmri
6.0.2.42
infoblox/netmri
6.1.2
infoblox/netmri
6.2.1
infoblox/netmri
6.2.1.48
infoblox/netmri
6.8.2.11
infoblox/netmri
< 6.8.4
Published
Jul 15, 2014
Tracked Since
Feb 18, 2026