Lucene search

[email protected]CVE-2008-5158

HistoryNov 18, 2008 - 9:30 p.m.

CVE-2008-5158

2008-11-1821:30:00

CWE-287

[email protected]

web.nvd.nist.gov

cve-2008-5158

wincom lpd total

remote attackers

authentication bypass

administrative actions

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

Low

0.017 Low

EPSS

Percentile

87.9%

JSON

Client Software WinCom LPD Total 3.0.2.623 and earlier allows remote attackers to bypass authentication and perform administrative actions via vectors involving “simply skipping the auth stage.”

Affected configurations

NVD

Node

clientsoftwarewincome_mpd_totalRange≤3.0.2.623

CPENameOperatorVersion
clientsoftware:wincome_mpd_totalclientsoftware wincome mpd totalle3.0.2.623

CPE	Name	Operator	Version
clientsoftware:wincome_mpd_total	clientsoftware wincome mpd total	le	3.0.2.623

References

aluigi.org/adv/wincomalpd-adv.txt

aluigi.org/poc/wincomalpd.zip

secunia.com/advisories/28763

securityreason.com/securityalert/4610

www.securityfocus.com/archive/1/487507/100/200/threaded

www.securityfocus.com/bid/27614

www.vupen.com/english/advisories/2008/0410

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

Low

0.017 Low

EPSS

Percentile

87.9%

JSON

Related for CVE-2008-5158

nessus1 prion1 cvelist1 nvd1 openvas2