CVE-2006-5409

Multiple SQL injection vulnerabilities in the wireless IDS management interface for Highwall Enterprise and Highwall Endpoint 4.0.2.11045 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://secunia.com/advisories/22494
http://securitytracker.com/id?1017091
http://www.osvdb.org/29917
http://www.securityfocus.com/archive/1/449118/100/0/threaded
http://www.securityfocus.com/bid/20605
http://www.vupen.com/english/advisories/2006/4132

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mobilesecure_inc:highwall_endpoint:4.0.2.11045:::::::*
	cpe:2.3:a:mobilesecure_inc:highwall_enterprise:4.0.2.11045:::::::*

History

No history.

Information

Published : 2006-10-20 14:07

Updated : 2024-02-04 17:13

NVD link : CVE-2006-5409

Mitre link : CVE-2006-5409

CVE.ORG link : CVE-2006-5409

JSON object : View

Products Affected

mobilesecure_inc

highwall_enterprise
highwall_endpoint

CWE

NVD-CWE-Other

{"id": "CVE-2006-5409", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2006-10-20T14:07:00.000", "references": [{"url": "http://secunia.com/advisories/22494", "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1017091", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/29917", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/449118/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/20605", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/4132", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in the wireless IDS management interface for Highwall Enterprise and Highwall Endpoint 4.0.2.11045 allow remote attackers to execute arbitrary SQL commands via unspecified vectors."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en la interfaz de direcci\u00f3n de IDS wireless para Highwall Enterprise and Highwall Endpoint 4.0.2.11045 permite a un atacante remooto ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de vectores no especificados."}], "lastModified": "2018-10-17T21:42:47.470", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mobilesecure_inc:highwall_endpoint:4.0.2.11045:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6BC57F68-44FF-4B06-8075-1E5FB0A15F8E"}, {"criteria": "cpe:2.3:a:mobilesecure_inc:highwall_enterprise:4.0.2.11045:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19E9E173-BF45-4F8E-9235-56A50DF4440E"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}