CVE-2007-0528

Sažetak

The admin web console implemented by the Centrality Communications (aka Aredfox) PA168 chipset and firmware 1.54 and earlier, as provided by various IP phones, does not require passwords or authentication tokens when using HTTP, which allows remote attackers to connect to existing superuser sessions and obtain sensitive information (passwords and configuration data).

Reference

http://osvdb.org/32966
http://secunia.com/advisories/23919
http://secunia.com/advisories/23936
http://www.procheckup.com/Vulner_PR0614.php
http://www.securityfocus.com/archive/1/457868/100/0/threaded
http://www.vupen.com/english/advisories/2007/0346
https://www.exploit-db.com/exploits/3189

CVSS

Base:	9.0
Impact:	10.0
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:S/C:C/I:C/A:C

Zadnje važnije ažuriranje

16-10-2018 - 16:33

Objavljeno

26-01-2007 - 01:28