CVE-2016-2362

9.8 CRITICAL

📋 TL;DR

Fonality (formerly trixbox Pro) versions 12.6 through 14.1i contain a hardcoded FTP password that allows remote attackers to gain unauthorized access via FTP or SSH connections. This affects all systems running vulnerable versions of the Fonality/trixbox Pro software.

💻 Affected Systems

Products:
  • Fonality
  • trixbox Pro
Versions: 12.6 through 14.1i (before 2016-06-01)
Operating Systems: Linux-based systems running Fonality/trixbox
Default Config Vulnerable: ⚠️ Yes
Notes: All installations within the affected version range are vulnerable by default.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise allowing attackers to access sensitive data, modify configurations, install malware, or use the system as a pivot point for further attacks.

🟠 Likely Case

Unauthorized access to the system via FTP/SSH leading to data theft, configuration changes, or service disruption.

🟢 If Mitigated

Limited impact if the system is isolated behind firewalls with strict network access controls.

🌐 Internet-Facing: HIGH - Direct remote exploitation is possible if the system is exposed to the internet.
🏢 Internal Only: HIGH - Even internal attackers can exploit this vulnerability.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only knowledge of the hardcoded credentials and network access to the system.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 2016-06-01

Vendor Advisory: http://www.kb.cert.org/vuls/id/754056

Restart Required: Yes

Instructions:

1. Update to a Fonality version released after June 1, 2016.
2. Apply vendor-provided patches.
3. Restart affected services.

🔧 Temporary Workarounds

Change FTP/SSH credentials (Linux)

Manually change the hardcoded FTP password and the SSH credentials:

passwd ftpuser
passwd root

Disable FTP/SSH services (Linux)

Temporarily disable the FTP and SSH services if they are not required:

systemctl stop vsftpd
systemctl stop sshd
systemctl disable vsftpd
systemctl disable sshd

🧯 If You Can't Patch

  • Implement strict network firewall rules to block external access to FTP (port 21) and SSH (port 22)
  • Monitor FTP and SSH logs for unauthorized access attempts and implement intrusion detection

🔍 How to Verify

Check if Vulnerable:

Check whether the system is running Fonality/trixbox version 12.6 through 14.1i, and test whether FTP/SSH access with the known hardcoded credentials succeeds.

Check Version:

cat /etc/fonality/version, or check the version shown in the Fonality web interface

Verify Fix Applied:

Verify that the installed version was released after 2016-06-01, and test that FTP/SSH access with the old credentials now fails.
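The version step above can be automated for fleet inventory. The following is an added example (not code from this advisory or from Fonality): it reads the /etc/fonality/version path named above and decides whether the string falls inside the 12.6 through 14.1i range. It assumes versions look like MAJOR.MINOR with an optional lowercase sub-release letter, and that a trailing letter sorts after the bare release and alphabetically; that version scheme is an assumption, not something the advisory states. Note that a version-string check cannot confirm the release-date criterion (after 2016-06-01) on its own, and it rejects unrecognised strings instead of guessing.

```python
import re

# Affected range as stated in this advisory (12.6 through 14.1i, inclusive).
AFFECTED_LOW = "12.6"
AFFECTED_HIGH = "14.1i"

# Assumption: versions look like MAJOR.MINOR with an optional lowercase
# sub-release letter (e.g. "14.1i"). Anything else is rejected, not guessed.
VERSION_RE = re.compile(r"^(\d+)\.(\d+)([a-z])?$")


def version_key(version):
    """Map '14.1i' -> (14, 1, 9) and '14.1' -> (14, 1, 0) for ordering.

    Assumption: a trailing letter is a sub-release that sorts after the bare
    release and alphabetically among letters ('14.1' < '14.1a' < '14.1i').
    """
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Fonality version string: {version!r}")
    major, minor, letter = m.groups()
    sub = ord(letter) - ord("a") + 1 if letter else 0
    return (int(major), int(minor), sub)


def is_affected(version):
    """True if the version string falls inside the advisory's affected range."""
    return version_key(AFFECTED_LOW) <= version_key(version) <= version_key(AFFECTED_HIGH)


def check_version_file(path="/etc/fonality/version"):
    """Read the version file named in the advisory and classify it.

    Returns a dict with the raw string and a status of 'affected',
    'not_affected', 'unparseable' or 'missing'. It never raises, so it can be
    dropped into a cron or inventory job without extra error handling.
    """
    try:
        with open(path, encoding="utf-8") as fh:
            raw = fh.read().strip()
    except OSError:
        return {"version": None, "status": "missing"}
    try:
        status = "affected" if is_affected(raw) else "not_affected"
    except ValueError:
        status = "unparseable"
    return {"version": raw, "status": status}


if __name__ == "__main__":
    # On a Fonality host this reads the real file; elsewhere it reports 'missing'.
    print(check_version_file())
```

A status of "affected" or "unparseable" should be treated as "patch and verify manually"; the date criterion and the credential test in the verification steps remain the final confirmation.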

📡 Detection & Monitoring

Log Indicators:

  • Failed authentication attempts followed by successful FTP/SSH login
  • Unusual FTP/SSH connections from unexpected IP addresses

Network Indicators:

  • FTP/SSH connections using default/hardcoded credentials
  • Unusual data transfers via FTP

SIEM Query:

(source="ftp.log" OR source="sshd.log") AND event="authentication success" AND user="ftpuser"

The source filter is parenthesised so that the AND applies to both log sources; without the parentheses the AND binds only to the sshd.log term and every ftp.log event would match.
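The indicators listed above can be applied directly to raw host logs where no SIEM is in front of the PBX. The following is an added example (not code from this advisory or from Fonality): it parses sshd and vsftpd authentication lines, then raises an alert for each of the three conditions the advisory names, namely a successful login as the hardcoded account, a success from a source that had earlier failures, and a success from outside an expected management network. The account name ftpuser is taken from the workaround section of this page; the allowed network, the host and the sample log lines are constructed for the example, and the regexes are loosely modelled on OpenSSH and vsftpd default log formats rather than taken from a Fonality system.

```python
import ipaddress
import re
from collections import defaultdict

# Account name as used in this advisory's workaround section; adjust to match
# the account actually present on the installation (assumption, not verified).
HARDCODED_ACCOUNT = "ftpuser"

# Networks from which FTP/SSH logins are expected (constructed assumption).
ALLOWED_NETWORKS = [ipaddress.ip_network("10.0.0.0/8")]

# Patterns loosely modelled on OpenSSH and vsftpd log lines.
SSHD_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) \w+ for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>[\d.]+)"
)
VSFTPD_RE = re.compile(
    r"\[(?P<user>[^\]]+)\] (?P<result>OK|FAIL) LOGIN: Client \"(?P<ip>[\d.]+)\""
)


def parse_line(line):
    """Return (service, user, ip, success) for an auth line, else None."""
    m = SSHD_RE.search(line)
    if m:
        return ("ssh", m["user"], m["ip"], m["result"] == "Accepted")
    m = VSFTPD_RE.search(line)
    if m:
        return ("ftp", m["user"], m["ip"], m["result"] == "OK")
    return None


def analyze(lines, account=HARDCODED_ACCOUNT, allowed=ALLOWED_NETWORKS):
    """Apply the advisory's log indicators to a sequence of log lines.

    Returns a list of (rule, service, ip) alerts, where rule is one of:
      success_hardcoded  successful login as the hardcoded account
      fail_then_success  successful login from an IP with earlier failures
      outside_allowlist  successful login from outside the allowed networks
    """
    failures = defaultdict(int)  # source IP -> count of failed logins seen
    alerts = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        service, user, ip, ok = parsed
        if not ok:
            failures[ip] += 1
            continue
        if user == account:
            alerts.append(("success_hardcoded", service, ip))
        if failures[ip]:
            alerts.append(("fail_then_success", service, ip))
        addr = ipaddress.ip_address(ip)
        if not any(addr in net for net in allowed):
            alerts.append(("outside_allowlist", service, ip))
    return alerts


# Constructed sample log: two sshd lines, three vsftpd lines, one unrelated line.
SAMPLE_LOG = [
    'Jun  6 10:00:01 pbx sshd[2101]: Failed password for ftpuser from 203.0.113.5 port 51230 ssh2',
    'Jun  6 10:00:04 pbx sshd[2101]: Accepted password for ftpuser from 203.0.113.5 port 51230 ssh2',
    'Mon Jun  6 10:02:10 2016 [pid 2200] [admin] OK LOGIN: Client "10.1.2.3"',
    'Mon Jun  6 10:03:00 2016 [pid 2210] [ftpuser] FAIL LOGIN: Client "10.9.9.9"',
    'Mon Jun  6 10:03:05 2016 [pid 2210] [ftpuser] OK LOGIN: Client "10.9.9.9"',
    'Jun  6 10:05:00 pbx sshd[2300]: Accepted publickey for admin from 10.1.2.3 port 40000 ssh2',
    'Jun  6 10:05:30 pbx cron[2400]: (root) CMD (run-parts /etc/cron.hourly)',
]


if __name__ == "__main__":
    for rule, service, ip in analyze(SAMPLE_LOG):
        print(f"ALERT {rule:<18} {service:<4} {ip}")
```

Run against the constructed sample, the external ssh login trips all three rules, the internal ftp login as ftpuser trips two, and the admin logins produce nothing. On a live host, feed the function the lines from /var/log/secure (or auth.log) and the vsftpd log, and alert on "success_hardcoded" unconditionally until the credential has been changed and the patch applied.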
