Lucene search

[email protected]CVE-2006-0968

HistoryMar 02, 2006 - 11:02 p.m.

CVE-2006-0968

2006-03-0223:02:00

[email protected]

web.nvd.nist.gov

ncp network communication secure client

ncprwsnt

cve-2006-0968

arbitrary code execution

vulnerability

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.7%

JSON

The ncprwsnt service in NCP Network Communication Secure Client 8.11 Build 146, and possibly other versions, allows local users to execute arbitrary code by modifying the connect.bat script, which is automatically executed by the service after a connection is established.

Affected configurations

NVD

Node

ncp_network_communicationssecure_clientMatch8.11_build_146

CPENameOperatorVersion
ncp_network_communications:secure_clientncp network communications secure clienteq8.11_build_146

CPE	Name	Operator	Version
ncp_network_communications:secure_client	ncp network communications secure client	eq	8.11_build_146

References

lists.grok.org.uk/pipermail/full-disclosure/2006-March/042640.html

secunia.com/advisories/19082

securityreason.com/securityalert/524

www.securityfocus.com/archive/1/426480/100/0/threaded

www.securityfocus.com/bid/16906

exchange.xforce.ibmcloud.com/vulnerabilities/25251

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.7%

JSON

Related for CVE-2006-0968

nvd1 prion1 cvelist1