Quantum DXi Remote 'root' Authentication Bypass Vulnerability

Summary
This host is running Quantum DXi and is prone to authentication bypass vulnerability.
Impact
Successful exploitation will allow attacker to gain unauthorized root access to affected devices and completely compromise the devices. Impact Level: System/Application
Solution
Upgrade to Quantum DXi V1000 2.3.0.1 or later, For updates refer to http://quantum.com
Insight
- The root user has a hardcoded password that is unknown and not changeable. Normally access is only through the restricted shells. - The /root/.ssh/authorized_keys on the appliance contains the static private ssh key. Using this key on a remote system to login through SSH will give a root shell.
Affected
Quantum DXi V1000 2.2.1 and below
Detection
Send a SSH Private Key and check whether it is possible to login to the target machine
References