Mandriva Linux Security Advisory MDVSA-2015:187
http://www.mandriva.com/en/support/security/

Package : graphviz
Date : April 1, 2015
Affected: Business Server 2.0

Problem Description:

Updated graphviz packages fix security vulnerability:

Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string (CVE-2014-9157).

Additionally, the gtkglarea2 and gtkglext packages were missing and were required for graphviz to build; these packages are also being provided with this advisory.
Monthly Archives: April 2015
Ceragon FibeAir IP-10 SSH Private Key Exposure
This Metasploit module exploits the fact that Ceragon ships a public/private key pair on FibeAir IP-10 devices that allows passwordless authentication to any other IP-10 device. Since the key is easily retrievable, an attacker can use it to gain unauthorized remote access as the “mateidu” user.
Ceragon FibeAir IP-10 SSH Private Key Exposure
Ceragon FibeAir IP-10 suffers from an SSH private key exposure vulnerability.
HP Security Bulletin HPSBST03298 2
HP Security Bulletin HPSBST03298 2 – Potential security vulnerabilities have been identified with HP XP Service Processor Software for Windows. These vulnerabilities could be exploited resulting in a variety of outcomes. Revision 2 of this advisory.
Ubuntu Security Notice USN-2553-2
Ubuntu Security Notice 2553-2 – USN-2553-1 fixed vulnerabilities in LibTIFF. One of the security fixes caused a regression when saving certain TIFF files with a Predictor tag. The problematic patch has been temporarily backed out until a more complete fix is available. Various other issues were also addressed.
HP Security Bulletin HPSBGN03307 1
HP Security Bulletin HPSBGN03307 1 – A potential security vulnerability has been identified with HP Intelligent Provisioning that could result in disclosure of information. Revision 1 of this advisory.
Cisco Security Advisory 20150401-dcnm
Cisco Security Advisory – Cisco Prime Data Center Network Manager (DCNM) contains a file information disclosure vulnerability that could allow an unauthenticated, remote attacker to retrieve arbitrary files from the underlying operating system. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.
Debian Security Advisory 3211-1
Debian Linux Security Advisory 3211-1 – Multiple security issues have been found in Iceweasel, Debian’s version use-after-frees and other implementation errors may lead to the execution of arbitrary code, the bypass of security restrictions, denial of service or cross-site request forgery.
HP Security Bulletin HPSBMU03304 1
HP Security Bulletin HPSBMU03304 1 – Potential security vulnerabilities have been identified with HP System Management Homepage (SMH), HP Smart Update Manager (SUM), and HP Version Control Agent (VCA) which are components of HP Insight Control server deployment. These vulnerabilities are related to the SSLv3 vulnerability known as “Padding Oracle on Downgraded Legacy Encryption” or “POODLE”. The components of HP Insight Control server deployment could be exploited remotely to allow disclosure of information. HP Insight Control server deployment includes HP System Management Homepage (SMH), HP Version Control Agent (VCA), and HP Smart Update Manager (SUM) and deploys them through the following jobs: Install HP Management Agents for Windows x86/x64; Install HP Management Agents for RHEL 5 x64; Install HP Management Agents for RHEL 6 x64; Install HP Management Agents for SLES 10 x64; Install HP Management Agents for SLES 11 x64; Upgrade Proliant Firmware. This bulletin provides the information needed to update the vulnerable components in HP Insight Control server deployment. Revision 1 of this advisory.
Cisco Security Advisory 20150401-cuc
Cisco Security Advisory – Cisco Unity Connection contains multiple vulnerabilities when it is configured with Session Initiation Protocol (SIP) trunk integration. The vulnerabilities described in this advisory are denial of service vulnerabilities impacting the availability of Cisco Unity Connection for processing SIP messages. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are not available.