CVE-2006-2045 - The (1) shadow password file in na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 has world read

CVE-2006-2045

Summary

The (1) shadow password file in na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 has world readable permissions, which allows local users to view encrypted passwords; and the (2) NetAccess database file has world readable and writable permissions, which allows local users to view sensitive information and modify data.

References

Vulnerable Configurations

cpe:2.3:h:ip3_networks:ip3_netaccess_75:4.0.34_firmware:*:*:*:*:*:*:*
cpe:2.3:h:ip3_networks:ip3_netaccess_75:4.0.34_firmware:*:*:*:*:*:*:*

CVSS

Base:	3.6 (as of 18-10-2018 - 16:37)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	NONE

cvss-vector via4

AV:L/AC:L/Au:N/C:P/I:P/A:N

refmap via4

bid	17698
bugtraq	20060424 Multiple vulnerabilities in IP3 Networks 'NetAccess' NA75 appliance
secunia	19818
vupen	ADV-2006-1540
xf	ip3-na75-database-file-permission(26110) ip3-na75-shadow-file-permission(26109)

Last major update

18-10-2018 - 16:37

Published

26-04-2006 - 20:06

Last modified

18-10-2018 - 16:37