Lucene search

K
kasperskyKaspersky LabKLA10226
HistoryOct 20, 2004 - 12:00 a.m.

KLA10226 Multiple vulnerabilities in WahtsUp Gold

2004-10-2000:00:00
Kaspersky Lab
threats.kaspersky.com
49

8.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.931 High

EPSS

Percentile

99.1%

Multiple serious vulnerabilities have been found in WhatsUp Gold. Malicious users can exploit these vulnerabilities to cause denial of service or execute arbitrary code. Below is a complete list of vulnerabilities

  1. Unknown vectors can be exploited remotely via a specially designed GET request;
  2. A buffer overflow can be exploited remotely via a specially designed instance name.

Original advisories

Exploitation

Public exploits exist for this vulnerability.

Related products

Ipswitch-WhatsUp-Gold

CVE list

CVE-2004-0799 critical

CVE-2004-0798 critical

Solution

Update to latest version

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

  • DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

Affected Products

  • Ipswitch WhatsUp Gold versions 8.03 and earlier

8.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.931 High

EPSS

Percentile

99.1%