CVE-2022-32985
📋 TL;DR
CVE-2022-32985 is a critical vulnerability in Nexans FTTO GigaSwitch devices that implements a hardcoded backdoor account for SSH access on ports 50200 or 50201. This allows unauthenticated remote attackers to gain administrative access to affected switches. Organizations using vulnerable Nexans FTTO GigaSwitch models are affected.
💻 Affected Systems
- Nexans FTTO GigaSwitch
📦 What is this software?
Gigaswitch 641 Desk V5 Sfp Vi Firmware by Nexans
View all CVEs affecting Gigaswitch 641 Desk V5 Sfp Vi Firmware →
Gigaswitch 641 Desk V5 Sfp Vi Firmware by Nexans
View all CVEs affecting Gigaswitch 641 Desk V5 Sfp Vi Firmware →
Gigaswitch 642 Desk V5 Sfp 2vi Firmware by Nexans
View all CVEs affecting Gigaswitch 642 Desk V5 Sfp 2vi Firmware →
Gigaswitch 642 Desk V5 Sfp 2vi Firmware by Nexans
View all CVEs affecting Gigaswitch 642 Desk V5 Sfp 2vi Firmware →
Gigaswitch V5 2tp Sfp Vi 54vdc Firmware by Nexans
View all CVEs affecting Gigaswitch V5 2tp Sfp Vi 54vdc Firmware →
Gigaswitch V5 2tp Sfp Vi 54vdc Firmware by Nexans
View all CVEs affecting Gigaswitch V5 2tp Sfp Vi 54vdc Firmware →
Gigaswitch V5 2tp\(pd F\+\) Sfp Vi 54vdc Firmware by Nexans
View all CVEs affecting Gigaswitch V5 2tp\(pd F\+\) Sfp Vi 54vdc Firmware →
Gigaswitch V5 2tp\(pd F\+\) Sfp Vi 54vdc Firmware by Nexans
View all CVEs affecting Gigaswitch V5 2tp\(pd F\+\) Sfp Vi 54vdc Firmware →
Gigaswitch V5 2tp\(pse\+\) Sfp Vi 54vdc Firmware by Nexans
View all CVEs affecting Gigaswitch V5 2tp\(pse\+\) Sfp Vi 54vdc Firmware →
Gigaswitch V5 2tp\(pse\+\) Sfp Vi 54vdc Firmware by Nexans
View all CVEs affecting Gigaswitch V5 2tp\(pse\+\) Sfp Vi 54vdc Firmware →
Gigaswitch V5 Sfp 2vi 230vac Firmware by Nexans
View all CVEs affecting Gigaswitch V5 Sfp 2vi 230vac Firmware →
Gigaswitch V5 Sfp 2vi 230vac Firmware by Nexans
View all CVEs affecting Gigaswitch V5 Sfp 2vi 230vac Firmware →
Gigaswitch V5 Tp Sfp 2vi 54vdc Firmware by Nexans
View all CVEs affecting Gigaswitch V5 Tp Sfp 2vi 54vdc Firmware →
Gigaswitch V5 Tp Sfp 2vi 54vdc Firmware by Nexans
View all CVEs affecting Gigaswitch V5 Tp Sfp 2vi 54vdc Firmware →
Gigaswitch V5 Tp Sfp 2vi 54vdc Ind Firmware by Nexans
View all CVEs affecting Gigaswitch V5 Tp Sfp 2vi 54vdc Ind Firmware →
Gigaswitch V5 Tp Sfp 2vi 54vdc Ind Firmware by Nexans
View all CVEs affecting Gigaswitch V5 Tp Sfp 2vi 54vdc Ind Firmware →
Gigaswitch V5 Tp Sfp 2vi 54vdc Med Firmware by Nexans
View all CVEs affecting Gigaswitch V5 Tp Sfp 2vi 54vdc Med Firmware →
Gigaswitch V5 Tp Sfp 2vi 54vdc Med Firmware by Nexans
View all CVEs affecting Gigaswitch V5 Tp Sfp 2vi 54vdc Med Firmware →
Gigaswitch V5 Tp Sfp Vi 230vac Firmware by Nexans
View all CVEs affecting Gigaswitch V5 Tp Sfp Vi 230vac Firmware →
Gigaswitch V5 Tp Sfp Vi 230vac Firmware by Nexans
View all CVEs affecting Gigaswitch V5 Tp Sfp Vi 230vac Firmware →
Gigaswitch V5 Tp\(pse\+\) Sfp 2vi 54vdc Firmware by Nexans
View all CVEs affecting Gigaswitch V5 Tp\(pse\+\) Sfp 2vi 54vdc Firmware →
Gigaswitch V5 Tp\(pse\+\) Sfp 2vi 54vdc Firmware by Nexans
View all CVEs affecting Gigaswitch V5 Tp\(pse\+\) Sfp 2vi 54vdc Firmware →
Gigaswitch V5 Tp\(pse\+\) Sfp 2vi 54vdc Ind Firmware by Nexans
View all CVEs affecting Gigaswitch V5 Tp\(pse\+\) Sfp 2vi 54vdc Ind Firmware →
Gigaswitch V5 Tp\(pse\+\) Sfp 2vi 54vdc Ind Firmware by Nexans
View all CVEs affecting Gigaswitch V5 Tp\(pse\+\) Sfp 2vi 54vdc Ind Firmware →
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of network infrastructure, allowing attackers to reconfigure switches, intercept traffic, disable network segments, or pivot to other systems.
Likely Case
Unauthorized administrative access leading to network disruption, data interception, or installation of persistent backdoors.
If Mitigated
Limited impact if switches are isolated behind firewalls with strict access controls and network segmentation.
🎯 Exploit Status
Simple SSH connection using hardcoded credentials on specific ports.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 6.02N or 7.02
Vendor Advisory: https://www.nexans.de/de/products/Data-Network-Solutions/Industrial-and-office-switches.html
Restart Required: Yes
Instructions:
1. Download firmware version 6.02N or 7.02 from Nexans support portal. 2. Backup current configuration. 3. Upload and install new firmware via web interface or CLI. 4. Reboot switch. 5. Verify firmware version.
🔧 Temporary Workarounds
Network Access Control
linuxBlock external and internal access to SSH ports 50200 and 50201 using firewall rules.
iptables -A INPUT -p tcp --dport 50200 -j DROP
iptables -A INPUT -p tcp --dport 50201 -j DROP
VLAN Segmentation
allIsolate switches on separate management VLAN with strict access controls.
🧯 If You Can't Patch
- Implement strict network segmentation to isolate switches from untrusted networks
- Deploy intrusion detection systems to monitor for SSH connections on ports 50200/50201
🔍 How to Verify
Check if Vulnerable:
Attempt SSH connection to switch IP on port 50200 or 50201 using known backdoor credentials (not disclosed here for security).Check Version:
ssh admin@switch_ip 'show version' or check web interface System Information pageVerify Fix Applied:
Verify firmware version is 6.02N or 7.02 via web interface or CLI, and confirm SSH connections on ports 50200/50201 fail.📡 Detection & Monitoring
Log Indicators:
- SSH authentication attempts on ports 50200/50201
- Successful logins from unexpected IP addresses
Network Indicators:
- SSH traffic on non-standard ports 50200/50201
- Unexpected configuration changes
SIEM Query:
source_port=50200 OR source_port=50201 OR dest_port=50200 OR dest_port=50201 protocol=ssh🔗 References
- https://sec-consult.com/vulnerability-lab/advisory/hardcoded-backdoor-user-outdated-software-components-nexans-ftto-gigaswitch/
- https://www.nexans.de/de/products/Data-Network-Solutions/Industrial-and-office-switches.html
- https://sec-consult.com/vulnerability-lab/advisory/hardcoded-backdoor-user-outdated-software-components-nexans-ftto-gigaswitch/
- https://www.nexans.de/de/products/Data-Network-Solutions/Industrial-and-office-switches.html
