Design/Logic Flaw

2006-05-3122:02:00

PRIOn knowledge base

www.prio-n.com

7.2 High

AI Score

Confidence

Low

0.025 Low

EPSS

Percentile

90.1%

JSON

Secure Elements Class 5 AVR client (aka C5 EVM) before 2.8.1 does not validate the CEID of an incoming message, which allows remote attackers to send messages to a protected asset without knowing the proper CEID.

References

secunia.com/advisories/20378

securitytracker.com/id?1016184

www.kb.cert.org/vuls/id/635721

www.kb.cert.org/vuls/id/WDON-6Q6SDL

www.vupen.com/english/advisories/2006/2069

exchange.xforce.ibmcloud.com/vulnerabilities/26783