CVE-2005-2554 - The web server for Network Associates ePolicy Orchestrator Agent 3.5.0 (patch 3) uses insecure permi

CVE-2005-2554

Summary

The web server for Network Associates ePolicy Orchestrator Agent 3.5.0 (patch 3) uses insecure permissions for the "Common Framework\Db" folder, which allows local users to read arbitrary files by creating a subfolder in the EPO agent web root directory.

References

Vulnerable Configurations

cpe:2.3:a:network_associates:epolicy_orchestrator_agent:3.5.0_\(patch_3\):*:*:*:*:*:*:*
cpe:2.3:a:network_associates:epolicy_orchestrator_agent:3.5.0_\(patch_3\):*:*:*:*:*:*:*

CVSS

Base:	2.1 (as of 11-07-2017 - 01:32)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:L/AC:L/Au:N/C:P/I:N/A:N

refmap via4

bid	14549
confirm	http://knowledgemap.nai.com/KanisaSupportSite/search.do?cmd=displayKC&docType=kc&externalId=KBkb42216xml
fulldisc	20050811 Privilege escalation in Network Associates ePolicy Orchestrator Agent 3.5.0 (patch 3)
misc	http://reedarvin.thearvins.com/20050811-01.html
osvdb	18735
secunia	16410
vupen	ADV-2005-1402
xf	epolicy-orchestrator-gain-privileges(21839)

Last major update

11-07-2017 - 01:32

Published

12-08-2005 - 04:00

Last modified

11-07-2017 - 01:32