Lucene search

[email protected]CVE-2005-2188

HistoryJul 11, 2005 - 4:00 a.m.

CVE-2005-2188

2005-07-1104:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

mcafee

intrushield

security management system

remote attackers

guess

manager account

brute force attack

7.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.01 Low

EPSS

Percentile

83.1%

JSON

McAfee IntruShield Security Management System obtains the user ID from the URL, which allows remote attackers to guess the Manager account and possibly gain privileges via a brute force attack.

CPENameOperatorVersion
mcafee:intrushield_security_management_systemmcafee intrushield security management systemeq*

CPE	Name	Operator	Version
mcafee:intrushield_security_management_system	mcafee intrushield security management system	eq	*

References

marc.info/?l=bugtraq&m=112066594312876&w=2

marc.info/?l=bugtraq&m=112076813804503&w=2

securitytracker.com/id?1014422

7.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.01 Low

EPSS

Percentile

83.1%

JSON