CVE-2020-11543 : Security Advisory and Response

OpsRamp Gateway before version 7.0.0 had a backdoor account that allowed unauthorized root SSH access. The issue was resolved in version 7.0.0 by limiting user accounts.

Understanding CVE-2020-11543

OpsRamp Gateway had a critical security vulnerability that allowed unauthorized access to the server through a backdoor account.

What is CVE-2020-11543?

OpsRamp Gateway before 7.0.0 had a backdoor account named vadmin with a hardcoded password, enabling root SSH access.
The vulnerability was addressed in OpsRamp Gateway firmware version 7.0.0 by restricting user accounts to administrator and system user roles.

The Impact of CVE-2020-11543

Unauthorized users could gain root SSH access to the server, posing a significant security risk.
The issue could potentially lead to unauthorized data access, manipulation, or disruption of services.

Technical Details of CVE-2020-11543

OpsRamp Gateway's security vulnerability and its implications.

Vulnerability Description

OpsRamp Gateway before 7.0.0 had a backdoor account (vadmin) with a hardcoded password (9vt@f3Vt) allowing root SSH access.

Affected Systems and Versions

OpsRamp Gateway versions before 7.0.0 were affected by this vulnerability.

Exploitation Mechanism

Attackers could exploit the backdoor account to gain unauthorized root SSH access to the server.

Mitigation and Prevention

Steps to address and prevent the CVE-2020-11543 vulnerability.

Immediate Steps to Take

Upgrade OpsRamp Gateway to version 7.0.0 or later to mitigate the security risk.
Change all default or hardcoded passwords to strong, unique ones.

Long-Term Security Practices

Regularly monitor and audit user accounts and access logs for any suspicious activities.
Implement multi-factor authentication to enhance security measures.

Patching and Updates

Stay informed about security updates and patches released by OpsRamp to address vulnerabilities like CVE-2020-11543.