ID CVE-2006-0230
Summary Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, uses a client-side check to verify a password, which allows remote attackers to gain administrator privileges via a modified client that sends certain XML requests.
References
Vulnerable Configurations
  • Symantec Scan Engine 5.0.0.24
    cpe:2.3:a:symantec:antivirus_scan_engine:5.0.0.24
CVSS
Base: 10.0 (as of 25-04-2006 - 14:54)
Impact:
Exploitability:
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE
  • Availability: COMPLETE
exploit-db via4
description Symantec Scan Engine 5.0.x.x Change Admin Password Remote Exploit. CVE-2006-0230. Remote exploit for Windows platform
id EDB-ID:1703
last seen 2016-01-31
modified 2006-04-21
published 2006-04-21
reporter Marc Bevand
source https://www.exploit-db.com/download/1703/
title Symantec Scan Engine 5.0.x.x Change Admin Password Remote Exploit
nessus via4
NASL family CGI abuses
NASL id SYMANTEC_SCAN_ENGINE_MULTIPLE.NASL
description The remote host appears to be running Symantec Scan Engine. This version of Scan Engine is vulnerable to several flaws that could allow a remote attacker to take control of the scan engine. The following flaws are present:
  • Fixed HTTPS certificate key
  • Configuration file retrieval (with administrator password hash)
  • Possibility to change the administrator password
last seen 2019-02-21
modified 2018-08-01
plugin id 21271
published 2006-04-24
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=21271
title Symantec AntiVirus Scan Engine Web Interface Multiple Remote Vulnerabilities
refmap via4
bid 17637
bugtraq
  • 20060421 Rapid7 Advisory R7-0021: Symantec Scan Engine Authentication Fundamental Design Error
  • 20060421 [Symantec Security Advisor] Symantec Scan Engine Multiple Vulnerabilities
cert-vn VU#118388
confirm http://www.symantec.com/avcenter/security/Content/2006.04.21.html
secunia 19734
vulnwatch 20060421 Rapid7 Advisory R7-0021: Symantec Scan Engine Authentication Fundamental Design Error
vupen ADV-2006-1464
xf sse-unauth-admin-access(25972)
Last major update 07-03-2011 - 21:29
Published 24-04-2006 - 21:02
Last modified 19-10-2018 - 11:43