CVE-2005-3718

Sažetak

UTStarcom F1000 VOIP WIFI Phone s2.0 running VxWorks 5.5.1 with kernel WIND 2.6 does not allow users to disable access to (1) SNMP or (2) the rlogin port TCP 513, which allows remote attackers to exploit other vulnerabilities such as CVE-2005-3716, or execute arbitrary shell commands via rlogin, which does not require authentication.

Reference

http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/038834.html
http://secunia.com/advisories/17629
http://www.securityfocus.com/bid/15476
http://www.vupen.com/english/advisories/2005/2472

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

08-03-2011 - 02:27

Objavljeno

21-11-2005 - 11:03