Undocumented SSH User Account Vulnerability in Winston 1.5.4 Devices

Undocumented SSH User Account Vulnerability in Winston 1.5.4 Devices

CVE-2020-16259 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Winston 1.5.4 devices have an SSH user account with access from bastion hosts. This is undocumented in device documents and is not announced to the user.

Learn more about our User Device Pen Test.