6.4 Medium
AI Score
Confidence
Low
2.4 Low
CVSS2
Access Vector
LOCAL
Access Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:H/Au:S/C:N/I:P/A:P
0.0004 Low
EPSS
Percentile
9.1%
FRAgent.exe in Mandiant First Response (MFR) before 1.1.1, when run in daemon mode and configured to use only HTTP, allows local users to modify requests and responses between a client and an agent by hijacking an HTTP FRAgent daemon and conducting a man-in-the-middle (MITM) attack.
CPE | Name | Operator | Version |
---|---|---|---|
mandiant:first_response | mandiant first response | le | 1.1 |
secunia.com/advisories/23393
securityreason.com/securityalert/2052
securitytracker.com/id?1017394
www.mandiant.com/firstresponse.htm
www.securityfocus.com/archive/1/454712/100/0/threaded
www.securityfocus.com/bid/21548
www.symantec.com/enterprise/research/SYMSA-2006-013.txt
www.vupen.com/english/advisories/2006/5061