Raspberry Pi OS through 5.10 has the raspberry default password for the pi account. If not changed, attackers can gain administrator privileges.
Threat-Mapped Scoring
Score: 3.0
Priority: P2 - Serious (High)
- S1 – Steal Customer Account Information
EPSS
Score: 0.44553
Percentile: 0.97434
CVSS Scoring
CVSS v3.1 Score: 9.8
Severity: CRITICAL
Mapped CWE(s)
- CWE-1188: Initialization of a Resource with an Insecure Default
All CAPEC(s)
- CAPEC-665: Exploitation of Thunderbolt Protection Flaws
CAPEC(s) with Mapped TTPs
- CAPEC-665: Exploitation of Thunderbolt Protection Flaws
  Mapped TTPs:
  - T1211: Exploitation for Defense Evasion
  - T1542.002: Component Firmware
  - T1556: Modify Authentication Process
Mapped ATT&CK TTPs
- T1211: Exploitation for Defense Evasion
  Kill Chain: defense-evasion
- T1542.002: Component Firmware
  Kill Chain: persistence
- T1556: Modify Authentication Process
  Kill Chain: credential-access
Malware
APTs Threat Group Associations
Campaigns
Affected Products
- cpe:2.3:o:raspberrypi:raspberry_pi_os_lite:*:*:*:*:*:*:*:*