CVE-2008-5158

Client Software WinCom LPD Total 3.0.2.623 and earlier allows remote attackers to bypass authentication and perform administrative actions via vectors involving "simply skipping the auth stage."

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://aluigi.org/adv/wincomalpd-adv.txt
http://aluigi.org/poc/wincomalpd.zip
http://secunia.com/advisories/28763	Vendor Advisory
http://securityreason.com/securityalert/4610
http://www.securityfocus.com/archive/1/487507/100/200/threaded
http://www.securityfocus.com/bid/27614
http://www.vupen.com/english/advisories/2008/0410

Configurations

Configuration 1 (hide)

cpe:2.3:a:clientsoftware:wincome_mpd_total:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2008-11-18 21:30

Updated : 2024-02-04 17:33

NVD link : CVE-2008-5158

Mitre link : CVE-2008-5158

CVE.ORG link : CVE-2008-5158

JSON object : View

Products Affected

clientsoftware

wincome_mpd_total

CWE

CWE-287

Improper Authentication

{"id": "CVE-2008-5158", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2008-11-18T21:30:00.593", "references": [{"url": "http://aluigi.org/adv/wincomalpd-adv.txt", "source": "cve@mitre.org"}, {"url": "http://aluigi.org/poc/wincomalpd.zip", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/28763", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/4610", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/487507/100/200/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/27614", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2008/0410", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "Client Software WinCom LPD Total 3.0.2.623 and earlier allows remote attackers to bypass authentication and perform administrative actions via vectors involving \"simply skipping the auth stage.\""}, {"lang": "es", "value": "aplicaci\u00f3n Client Software WinCom LPD Total v3.0.2.623 y anteriores, permite a atacantes remotos evitar la autenticaci\u00f3n y realizar acciones de administrador a trav\u00e9s de vectores que involucran \"simply skipping the auth stage.\" (simplemente evitar el paso de autenticaci\u00f3n)"}], "lastModified": "2018-10-11T20:54:09.427", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:clientsoftware:wincome_mpd_total:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "66AD5DD7-ADE0-46C8-84B7-17A3C476F223", "versionEndIncluding": "3.0.2.623"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}