CVE-2023-0345 – The Akuvox E11 device has SSH enabled by defaul... (How to Fix)

Q: What is the severity of CVE-2023-0345?

CVE-2023-0345 has a CVSS score of 9.8 (CRITICAL). The Akuvox E11 device has SSH enabled by default with a hardcoded root password that cannot be changed. This allows attackers to gain full administrative control over affected devices. Organizations using Akuvox E11 devices are affected.

📋 TL;DR

The Akuvox E11 device has SSH enabled by default with a hardcoded root password that cannot be changed. This allows attackers to gain full administrative control over affected devices. Organizations using Akuvox E11 devices are affected.

💻 Affected Systems

Products:

Akuvox E11

Versions: All versions prior to patched firmware

Operating Systems: Embedded Linux

Default Config Vulnerable: ⚠️ Yes

Notes: SSH is enabled by default with hardcoded credentials that cannot be changed by users.

📦 What is this software?

E11 Firmware by Akuvox

View all CVEs affecting E11 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise leading to data theft, device takeover for botnet participation, or lateral movement into connected networks.

🟠

Likely Case

Unauthorized access to device configuration, potential data exfiltration, and device manipulation.

🟢

If Mitigated

Limited impact if SSH is disabled or network access is restricted, though default configuration remains vulnerable.

🌐 Internet-Facing: HIGH - Devices exposed to the internet can be directly attacked without authentication.

🏢 Internal Only: MEDIUM - Internal attackers or compromised systems could exploit this, but requires network access.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires only SSH client and knowledge of default credentials.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor for latest firmware

Vendor Advisory: https://www.cisa.gov/news-events/ics-advisories/icsa-23-068-01

Restart Required: Yes

Instructions:

1. Check Akuvox website for latest firmware. 2. Download and apply firmware update. 3. Verify SSH is disabled or credentials are changed.

🔧 Temporary Workarounds

Disable SSH Service

linux

Completely disable SSH server if not required for operations

systemctl stop ssh
systemctl disable ssh

Network Access Control

linux

Restrict SSH access to trusted IP addresses only

iptables -A INPUT -p tcp --dport 22 -s TRUSTED_IP -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j DROP

🧯 If You Can't Patch

Isolate affected devices in separate network segment with strict firewall rules
Monitor all SSH connection attempts and alert on unauthorized access

🔍 How to Verify

Check if Vulnerable:

Attempt SSH connection to port 22 using default credentials (check vendor advisory for specific credentials)

Check Version:

Check device web interface or use vendor-specific CLI commands

Verify Fix Applied:

Verify SSH connection fails with default credentials and/or SSH service is disabled

📡 Detection & Monitoring

Log Indicators:

Failed SSH authentication attempts
Successful SSH logins from unexpected sources
Multiple SSH connection attempts

Network Indicators:

SSH traffic to port 22 from unauthorized IPs
Unusual SSH session durations or data transfers

SIEM Query:

source="ssh" AND (event="authentication success" OR event="authentication failure") | stats count by src_ip

📊 Metadata

CVE ID: CVE-2023-0345

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Published: March 13, 2023

Last Updated: November 21, 2024

🔗 References

https://www.cisa.gov/news-events/ics-advisories/icsa-23-068-01 Third Party Advisory,US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-23-068-01 Third Party Advisory,US Government Resource

📤 Share & Export

📄 Export Markdown 📋 Export JSON