360 Systems Image Server 2000 Series Remote Root Access
Low Risk · ICS-CERT ICSA-13-038-01A · Nov 11, 2013
Summary
360 Systems Image Server 2000 Series devices are vulnerable to unauthenticated remote root access via port 2000. The vulnerability stems from weak or hardcoded authentication mechanisms (CWE-259). All versions of the Image Server 2000, Image Server Maxx, and Maxx product lines are affected. The vendor has not released a patch and has indicated no fix is planned for these legacy devices. An unauthenticated attacker with network access to port 2000 can gain root-level shell access to the device.
What this means
What could happen
An attacker with network access to port 2000 could gain root-level control of the Image Server 2000 Series device, potentially halting live video streaming or content distribution operations that depend on the device.
Who's at risk
Organizations operating 360 Systems Image Server 2000 Series devices in broadcast, live event streaming, or content distribution environments should be aware of this vulnerability. Affected equipment includes the Image Server 2000, Image Server Maxx, and Maxx models across all firmware versions. This applies to any facility that relies on these devices for real-time video content delivery or archival streaming.
How it could be exploited
An attacker sends a specially crafted request to the Telnet service on port 2000 (the device's default management port) on the Image Server. Because the authentication is hardcoded or weak, the attacker obtains a remote shell without presenting valid credentials and operates with root privileges.
Prerequisites
- Network access to port 2000 on the Image Server
- No valid credentials required; device accepts unauthenticated connection
Tags: remotely exploitable; no authentication required; no patch available; default or hardcoded credentials
Exploitability
Moderate exploit probability (EPSS 3.0%)
Affected products (3), all End of Life
Product | Affected Versions | Fix Status
Image Server 2000 | vers:all/* (all versions) | No fix (EOL)
Image Server Maxx | vers:all/* (all versions) | No fix (EOL)
Maxx | vers:all/* (all versions) | No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to port 2000 using firewall rules; allow only trusted engineering workstations or control systems to connect.
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption.
HARDENING: Monitor port 2000 for unexpected connection attempts and log all access attempts for forensic review.
Mitigations - no patch available
The following products have reached End of Life with no planned fix: Image Server 2000: vers:all/*, Image Server Maxx: vers:all/*, Maxx: vers:all/*. Apply the following compensating controls:
HARDENING: Isolate the Image Server 2000 Series device on a dedicated network segment (DMZ or OT VLAN) separate from corporate and untrusted networks.
HARDENING: Implement network segmentation to prevent direct access from the internet or administrative networks to the device management port.
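The workaround (allowlist only trusted engineering workstations on port 2000) and the hardening item (monitor and log access attempts to port 2000) can be checked together against firewall logs. The following is an added example, not part of the advisory or any vendor tooling: it parses constructed iptables-style log lines, treats the 10.20.5.0/24 engineering subnet and the 10.20.7.50 server address as hypothetical values, and flags any connection to port 2000 from a source outside the allowlist, distinguishing accepted connections (an allowlist gap) from dropped probes.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample firewall log lines (iptables/syslog style), not from a real device.
SAMPLE_LOG = """\
Nov 11 09:12:01 fw1 kernel: ACCEPT IN=eth1 SRC=10.20.5.11 DST=10.20.7.50 PROTO=TCP SPT=51234 DPT=2000
Nov 11 09:12:44 fw1 kernel: ACCEPT IN=eth0 SRC=192.0.2.77 DST=10.20.7.50 PROTO=TCP SPT=40021 DPT=2000
Nov 11 09:13:10 fw1 kernel: ACCEPT IN=eth1 SRC=10.20.5.12 DST=10.20.7.50 PROTO=TCP SPT=51240 DPT=80
Nov 11 09:13:55 fw1 kernel: DROP IN=eth0 SRC=198.51.100.9 DST=10.20.7.50 PROTO=TCP SPT=33333 DPT=2000
Nov 11 09:14:02 fw1 kernel: ACCEPT IN=eth1 SRC=10.20.9.4 DST=10.20.7.50 PROTO=TCP SPT=51300 DPT=2000
"""

IMAGE_SERVER_PORT = 2000  # management/Telnet port named in the advisory
# Hypothetical allowlist: the trusted engineering workstation subnet.
TRUSTED_NETS = [ipaddress.ip_network("10.20.5.0/24")]

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) \S+ kernel: (?P<action>ACCEPT|DROP) "
    r".*?SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?DPT=(?P<dpt>\d+)"
)


@dataclass
class Finding:
    ts: str
    src: str
    dst: str
    action: str
    reason: str


def is_trusted(src: str) -> bool:
    """True when the source address falls inside an allowlisted subnet."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in TRUSTED_NETS)


def find_unexpected(log_text: str) -> list:
    """Return every port-2000 connection attempt from outside the allowlist."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or int(m["dpt"]) != IMAGE_SERVER_PORT:
            continue  # unparseable line or traffic to another port
        if is_trusted(m["src"]):
            continue  # expected engineering-workstation traffic
        if m["action"] == "ACCEPT":
            reason = "untrusted source reached port 2000: firewall allowlist gap"
        else:
            reason = "blocked probe of port 2000: review source for follow-up"
        findings.append(Finding(m["ts"], m["src"], m["dst"], m["action"], reason))
    return findings
```

On the sample, the two accepted connections from 192.0.2.77 and 10.20.9.4 show that the firewall rule has not been applied as tightly as the workaround requires, while the dropped probe from 198.51.100.9 is the kind of event the hardening item asks to be logged for forensic review.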
CVEs (1)