Lucene search

[email protected]CVE-2009-2357

HistoryJul 07, 2009 - 11:30 p.m.

CVE-2009-2357

2009-07-0723:30:00

CWE-16

[email protected]

web.nvd.nist.gov

cve-2009-2357

tekradius 3.0

default configuration

remote attack

privileged access

sql server

windows os

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.3 High

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

81.2%

JSON

The default configuration of TekRADIUS 3.0 uses the sa account to communicate with Microsoft SQL Server, which makes it easier for remote attackers to obtain privileged access to the database and the underlying Windows operating system.

Affected configurations

NVD

Node

yasinkaplantekradiusMatch3.0

CPENameOperatorVersion
yasinkaplan:tekradiusyasinkaplan tekradiuseq3.0

CPE	Name	Operator	Version
yasinkaplan:tekradius	yasinkaplan tekradius	eq	3.0

References

www.nth-dimension.org.uk/utils/get.php?downloadsid=56

www.securityfocus.com/archive/1/504740/100/0/threaded

www.vupen.com/english/advisories/2009/1816

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.3 High

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

81.2%

JSON

Related for CVE-2009-2357

cvelist1 prion1 nvd1 seebug1