Lucene search

[email protected]CVE-2005-1606

HistoryMay 16, 2005 - 4:00 a.m.

CVE-2005-1606

2005-05-1604:00:00

[email protected]

web.nvd.nist.gov

cve-2005-1606

h-sphere winbox

plaintext storage

sensitive information

log files

privilege escalation

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

0.4%

JSON

H-Sphere Winbox 2.4.2 and 2.4.3 RC1 stores sensitive information such as username and password in plaintext in world-readable log files, which allows local users to gain privileges.

Affected configurations

NVD

Node

positive_softwareh-sphere_winboxMatch2.4.2_patch_4

positive_softwareh-sphere_winboxMatch2.4.3_rc1

CPENameOperatorVersion
positive_software:h-sphere_winboxpositive software h-sphere winboxeq2.4.2_patch_4
positive_software:h-sphere_winboxpositive software h-sphere winboxeq2.4.3_rc1

CPE	Name	Operator	Version
positive_software:h-sphere_winbox	positive software h-sphere winbox	eq	2.4.2_patch_4
positive_software:h-sphere_winbox	positive software h-sphere winbox	eq	2.4.3_rc1

References

exploitlabs.com/files/advisories/EXPL-A-2005-007-hsphere.txt

secunia.com/advisories/15287

www.osvdb.org/16239

www.psoft.net/misc/hsphere_winbox_security_update_passwd.html

www.securityfocus.com/bid/13559

exchange.xforce.ibmcloud.com/vulnerabilities/20522

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

0.4%

JSON

Related for CVE-2005-1606

cvelist1 nvd1