CVE-2007-1345 - Unspecified vulnerability in cube.exe in the GINA component for CA (Computer Associates) eTrust Admi

CVE-2007-1345

Summary

Unspecified vulnerability in cube.exe in the GINA component for CA (Computer Associates) eTrust Admin 8.1.0 through 8.1.2 allows attackers with physical interactive or Remote Desktop access to bypass authentication and gain privileges via the password reset interface. This vulnerability has been addressed by the vendor with the following product patch: ftp://ftp.ca.com/pub/etrust/etradm/ETRADM81SP2/CR_Manual_Updates-8.1sp2-CR6-070301.zip

References

Vulnerable Configurations

cpe:2.3:a:broadcom:etrust_admin:8.1:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:etrust_admin:8.1:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:etrust_admin:8.1.1:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:etrust_admin:8.1.1:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:etrust_admin:8.1.2:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:etrust_admin:8.1.2:*:*:*:*:*:*:*

CVSS

Base:	4.1 (as of 09-04-2021 - 13:51)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	MEDIUM	SINGLE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:L/AC:M/Au:S/C:P/I:P/A:P

refmap via4

bid	22885
bugtraq	20070309 [CAID 35145]: CA eTrust Admin Privilege Escalation Vulnerability
confirm	http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=35145
osvdb	32722
sectrack	1017740
secunia	24441
sreason	2404
vupen	ADV-2007-0885
xf	ca-etrust-admin-authentication-bypass(32887)

Last major update

09-04-2021 - 13:51

Published

10-03-2007 - 19:19

Last modified

09-04-2021 - 13:51