CVE-2015-0936 — AI Deep Analysis Summary

🚨 **Essence**: Default SSH private key exposure in **Ceragon FibeAir IP-10**. 📉 **Consequences**: Remote attackers gain unauthorized SSH access. Critical security breach due to hardcoded credentials.

🛡️ **Root Cause**: The `authorized_keys` file contains a **default SSH public key** for the `mateidu` user. ❌ **Flaw**: Hardcoded credentials instead of unique, generated keys per device.

📦 **Affected**: **Ceragon FibeAir IP-10** (Wireless Backhaul Node). 🌐 **Vendor**: Ceragon. ⚠️ **Scope**: Devices using this specific hardware model with default configurations.

💻 **Privileges**: Full **SSH access** as user `mateidu`. 🔓 **Data**: Potential remote code execution, network configuration changes, and data exfiltration.…

📉 **Threshold**: **LOW**. 🌍 **Auth**: No authentication required (public key is known). ⚙️ **Config**: Default settings exploited. Remote exploitation is trivial for any attacker with network access.

🔓 **Public Exp?**: **YES**. 📜 **References**: PacketStorm Security, Full Disclosure mailing list, GitHub Gist. 🚀 **Status**: Well-documented PoC available since April 2015.

🔍 **Self-Check**: Scan for **Ceragon FibeAir IP-10** devices. 🗝️ **Test**: Attempt SSH login with the known default private key for `mateidu`.…

🛠️ **Fix**: Official patches or key rotation updates from **Ceragon**. 🔄 **Mitigation**: Change default keys immediately. 📅 **Published**: Advisory released June 2017 (initial disclosure April 2015).

🚧 **No Patch?**: 1️⃣ **Isolate** device from public networks. 2️⃣ **Change** the `mateidu` user's SSH keys immediately. 3️⃣ **Restrict** SSH access via ACLs. 🛑 **Critical**: Do not leave default keys active.

🔥 **Urgency**: **HIGH**. 🚨 **Priority**: Immediate action required. 📉 **Risk**: Automated exploitation is likely due to known default keys. 🛡️ **Action**: Patch or rotate keys NOW to prevent remote takeover.