CVE-2008-5158

Опубликовано: 18 нояб. 2008

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

Client Software WinCom LPD Total 3.0.2.623 and earlier allows remote attackers to bypass authentication and perform administrative actions via vectors involving "simply skipping the auth stage."

Ссылки

http://aluigi.org/adv/wincomalpd-adv.txt
http://aluigi.org/poc/wincomalpd.zip
http://secunia.com/advisories/28763
Vendor Advisory
http://securityreason.com/securityalert/4610
http://www.securityfocus.com/archive/1/487507/100/200/threaded
http://www.securityfocus.com/bid/27614
http://www.vupen.com/english/advisories/2008/0410
http://aluigi.org/adv/wincomalpd-adv.txt
http://aluigi.org/poc/wincomalpd.zip
http://secunia.com/advisories/28763
Vendor Advisory
http://securityreason.com/securityalert/4610
http://www.securityfocus.com/archive/1/487507/100/200/threaded
http://www.securityfocus.com/bid/27614
http://www.vupen.com/english/advisories/2008/0410

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:clientsoftware:wincome_mpd_total:*:*:*:*:*:*:*:*

Версия до 3.0.2.623 (включая)

EPSS

Процентиль: 70%

0.00638

Низкий

7.5 High

CVSS2

Дефекты

CWE-287

Связанные уязвимости

GHSA-825g-r7c5-p5p5

github

больше 3 лет назад