ID CVE-2006-0230
Summary Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, uses a client-side check to verify a password, which allows remote attackers to gain administrator privileges via a modified client that sends certain XML requests.
References
Vulnerable Configurations
  • cpe:2.3:a:symantec:antivirus_scan_engine:5.0.0.24:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:antivirus_scan_engine:5.0.0.24:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 19-10-2018 - 15:43)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
refmap via4
bid 17637
bugtraq
  • 20060421 Rapid7 Advisory R7-0021: Symantec Scan Engine Authentication Fundamental Design Error
  • 20060421 [Symantec Security Advisor] Symantec Scan Engine Multiple Vulnerabilities
cert-vn VU#118388
confirm http://www.symantec.com/avcenter/security/Content/2006.04.21.html
secunia 19734
vulnwatch 20060421 Rapid7 Advisory R7-0021: Symantec Scan Engine Authentication Fundamental Design Error
vupen ADV-2006-1464
xf sse-unauth-admin-access(25972)
Last major update 19-10-2018 - 15:43
Published 25-04-2006 - 01:02
Back to Top