Undocumented SSH User Account Vulnerability in Winston 1.5.4 Devices
CVE-2020-16259 · CRITICAL Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Winston 1.5.4 devices have an SSH user account with access from bastion hosts. This is undocumented in device documents and is not announced to the user.
Learn more about our User Device Pen Test.