Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2010-0833

Summary
Assigner-canonical
Assigner Org ID-cc1ad9ee-3454-478d-9317-d3e869d708bc
Published At-27 Jul, 2010 | 22:00
Updated At-07 Aug, 2024 | 00:59
Rejected At-
Credits

The pam_lsass library in Likewise Open 5.4 and CIFS 5.4 before build 8046, and 6.0 before build 8234, as used in HP StorageWorks X9000 Network Storage Systems and possibly other products, uses "SetPassword logic" when running as part of a root service, which allows remote attackers to bypass authentication for a Likewise Security Authority (lsassd) account whose password is marked as expired.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:canonical
Assigner Org ID:cc1ad9ee-3454-478d-9317-d3e869d708bc
Published At:27 Jul, 2010 | 22:00
Updated At:07 Aug, 2024 | 00:59
Rejected At:
▼CVE Numbering Authority (CNA)

The pam_lsass library in Likewise Open 5.4 and CIFS 5.4 before build 8046, and 6.0 before build 8234, as used in HP StorageWorks X9000 Network Storage Systems and possibly other products, uses "SetPassword logic" when running as part of a root service, which allows remote attackers to bypass authentication for a Likewise Security Authority (lsassd) account whose password is marked as expired.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.ubuntu.com/usn/USN-964-1
vendor-advisory
x_refsource_UBUNTU
http://www.securityfocus.com/archive/1/512643/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://secunia.com/advisories/40725
third-party-advisory
x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=129719002806096&w=2
vendor-advisory
x_refsource_HP
http://secunia.com/advisories/40736
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/43244
third-party-advisory
x_refsource_SECUNIA
http://www.securitytracker.com/id?1025031
vdb-entry
x_refsource_SECTRACK
http://www.likewise.com/community/index.php/forums/viewthread/772/
x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2010/1913
vdb-entry
x_refsource_VUPEN
http://marc.info/?l=bugtraq&m=129719002806096&w=2
vendor-advisory
x_refsource_HP
http://www.vupen.com/english/advisories/2011/0312
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.ubuntu.com/usn/USN-964-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://www.securityfocus.com/archive/1/512643/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://secunia.com/advisories/40725
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://marc.info/?l=bugtraq&m=129719002806096&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://secunia.com/advisories/40736
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/43244
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.securitytracker.com/id?1025031
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.likewise.com/community/index.php/forums/viewthread/772/
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.vupen.com/english/advisories/2010/1913
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://marc.info/?l=bugtraq&m=129719002806096&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://www.vupen.com/english/advisories/2011/0312
Resource:
vdb-entry
x_refsource_VUPEN
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.ubuntu.com/usn/USN-964-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://www.securityfocus.com/archive/1/512643/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://secunia.com/advisories/40725
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://marc.info/?l=bugtraq&m=129719002806096&w=2
vendor-advisory
x_refsource_HP
x_transferred
http://secunia.com/advisories/40736
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/43244
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.securitytracker.com/id?1025031
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www.likewise.com/community/index.php/forums/viewthread/772/
x_refsource_CONFIRM
x_transferred
http://www.vupen.com/english/advisories/2010/1913
vdb-entry
x_refsource_VUPEN
x_transferred
http://marc.info/?l=bugtraq&m=129719002806096&w=2
vendor-advisory
x_refsource_HP
x_transferred
http://www.vupen.com/english/advisories/2011/0312
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-964-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/512643/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://secunia.com/advisories/40725
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=129719002806096&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://secunia.com/advisories/40736
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/43244
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.securitytracker.com/id?1025031
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.likewise.com/community/index.php/forums/viewthread/772/
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2010/1913
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=129719002806096&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2011/0312
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@ubuntu.com
Published At:28 Jul, 2010 | 12:48
Updated At:11 Apr, 2025 | 00:51

The pam_lsass library in Likewise Open 5.4 and CIFS 5.4 before build 8046, and 6.0 before build 8234, as used in HP StorageWorks X9000 Network Storage Systems and possibly other products, uses "SetPassword logic" when running as part of a root service, which allows remote attackers to bypass authentication for a Likewise Security Authority (lsassd) account whose password is marked as expired.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.09.3HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
Type: Primary
Version: 2.0
Base score: 9.3
Base severity: HIGH
Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CPE Matches
likewise
likewise
>>likewise_open>>5.4
cpe:2.3:a:likewise:likewise_open:5.4:*:*:*:*:*:*:*
likewise
likewise
>>likewise_open>>6.0
cpe:2.3:a:likewise:likewise_open:6.0:*:*:*:*:*:*:*
likewise
likewise
>>likewise_cifs>>5.4
cpe:2.3:a:likewise:likewise_cifs:5.4:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-287Primarynvd@nist.gov
CWE ID: CWE-287
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://marc.info/?l=bugtraq&m=129719002806096&w=2security@ubuntu.com
N/A
http://marc.info/?l=bugtraq&m=129719002806096&w=2security@ubuntu.com
N/A
http://secunia.com/advisories/40725security@ubuntu.com
Vendor Advisory
http://secunia.com/advisories/40736security@ubuntu.com
Vendor Advisory
http://secunia.com/advisories/43244security@ubuntu.com
Vendor Advisory
http://www.likewise.com/community/index.php/forums/viewthread/772/security@ubuntu.com
Patch
Vendor Advisory
http://www.securityfocus.com/archive/1/512643/100/0/threadedsecurity@ubuntu.com
N/A
http://www.securitytracker.com/id?1025031security@ubuntu.com
N/A
http://www.ubuntu.com/usn/USN-964-1security@ubuntu.com
N/A
http://www.vupen.com/english/advisories/2010/1913security@ubuntu.com
Vendor Advisory
http://www.vupen.com/english/advisories/2011/0312security@ubuntu.com
Vendor Advisory
http://marc.info/?l=bugtraq&m=129719002806096&w=2af854a3a-2127-422b-91ae-364da2661108
N/A
http://marc.info/?l=bugtraq&m=129719002806096&w=2af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/40725af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/40736af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/43244af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.likewise.com/community/index.php/forums/viewthread/772/af854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://www.securityfocus.com/archive/1/512643/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securitytracker.com/id?1025031af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.ubuntu.com/usn/USN-964-1af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2010/1913af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.vupen.com/english/advisories/2011/0312af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: http://marc.info/?l=bugtraq&m=129719002806096&w=2
Source: security@ubuntu.com
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=129719002806096&w=2
Source: security@ubuntu.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/40725
Source: security@ubuntu.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/40736
Source: security@ubuntu.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/43244
Source: security@ubuntu.com
Resource:
Vendor Advisory
Hyperlink: http://www.likewise.com/community/index.php/forums/viewthread/772/
Source: security@ubuntu.com
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.securityfocus.com/archive/1/512643/100/0/threaded
Source: security@ubuntu.com
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1025031
Source: security@ubuntu.com
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-964-1
Source: security@ubuntu.com
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2010/1913
Source: security@ubuntu.com
Resource:
Vendor Advisory
Hyperlink: http://www.vupen.com/english/advisories/2011/0312
Source: security@ubuntu.com
Resource:
Vendor Advisory
Hyperlink: http://marc.info/?l=bugtraq&m=129719002806096&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=129719002806096&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/40725
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/40736
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/43244
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.likewise.com/community/index.php/forums/viewthread/772/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.securityfocus.com/archive/1/512643/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1025031
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-964-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2010/1913
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.vupen.com/english/advisories/2011/0312
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

61Records found
CVE-2017-6549
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-24.52% / 95.91%
||
7 Day CHG~0.00%
Published-09 Mar, 2017 | 09:26
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Session hijack vulnerability in httpd on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1, RT-AC3200, RT-AC53U, RT-AC1750, RT-AC1900P, RT-N300, and RT-AC750 routers with firmware before 3.0.0.4.380.7378; RT-AC68W routers with firmware before 3.0.0.4.380.7266; and RT-N600, RT-N12+ B1, RT-N11P B1, RT-N12VP B1, RT-N12E C1, RT-N300 B1, and RT-N12+ Pro routers with firmware before 3.0.0.4.380.9488; and Asuswrt-Merlin firmware before 380.65_2 allows remote attackers to steal any active admin session by sending cgi_logout and asusrouter-Windows-IFTTT-1.0 in certain HTTP headers.

Action-Not Available
Vendor-n/aASUS (ASUSTeK Computer Inc.)
Product-rt-ac53_firmwarert-ac53n/a
CWE ID-CWE-287
Improper Authentication
CVE-2022-20695
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-10||CRITICAL
EPSS-0.25% / 47.82%
||
7 Day CHG~0.00%
Published-15 Apr, 2022 | 14:15
Updated-06 Nov, 2024 | 16:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Wireless LAN Controller Management Interface Authentication Bypass Vulnerability

A vulnerability in the authentication functionality of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to bypass authentication controls and log in to the device through the management interface This vulnerability is due to the improper implementation of the password validation algorithm. An attacker could exploit this vulnerability by logging in to an affected device with crafted credentials. A successful exploit could allow the attacker to bypass authentication and log in to the device as an administrator. The attacker could obtain privileges that are the same level as an administrative user but it depends on the crafted credentials. Note: This vulnerability exists because of a non-default device configuration that must be present for it to be exploitable. For details about the vulnerable configuration, see the Vulnerable Products section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-aironet_1562iaironet_1830evirtual_wireless_controlleraironet_1850eaironet_1560aironet_3800eaironet_1815t5520_wireless_controlleraironet_1850aironet_1562eaironet_2800iaironet_1542iaironet_3800paironet_1830aironet_1830iaironet_1815aironet_15408540_wireless_controlleraironet_1832aironet_1815iaironet_1815waironet_4800aironet_2800aironet_1542daironet_3800wireless_lan_controller_8.10.151.0aironet_1562daironet_18523504_wireless_controlleraironet_3800iwireless_lan_controller_8.10.162.0aironet_1850iaironet_1815maironet_2800eCisco Wireless LAN Controller (WLC)
CWE ID-CWE-303
Incorrect Implementation of Authentication Algorithm
CWE ID-CWE-287
Improper Authentication
CVE-2017-2332
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-8.8||HIGH
EPSS-1.09% / 77.00%
||
7 Day CHG~0.00%
Published-24 Apr, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An insufficient authentication vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a malicious, network based, unauthenticated attacker to perform privileged actions to gain complete control over the environment.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-northstar_controllerNorthStar Controller Application
CWE ID-CWE-287
Improper Authentication
CVE-2017-18641
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-0.35% / 56.41%
||
7 Day CHG~0.00%
Published-10 Feb, 2020 | 00:30
Updated-05 Aug, 2024 | 21:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In LXC 2.0, many template scripts download code over cleartext HTTP, and omit a digital-signature check, before running it to bootstrap containers.

Action-Not Available
Vendor-linuxcontainersn/a
Product-lxcn/a
CWE ID-CWE-287
Improper Authentication
CVE-2011-4508
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-9.3||HIGH
EPSS-0.19% / 41.30%
||
7 Day CHG~0.00%
Published-03 Feb, 2012 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime generates predictable authentication tokens for cookies, which makes it easier for remote attackers to bypass authentication via a crafted cookie.

Action-Not Available
Vendor-n/aSiemens AG
Product-simatic_hmi_panelswincc_flexible_runtimewincc_flexiblewincc_runtime_advancedwinccn/a
CWE ID-CWE-287
Improper Authentication
CVE-2011-4644
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-6.66% / 90.83%
||
7 Day CHG~0.00%
Published-03 Jan, 2012 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Splunk 4.2.5 and earlier, when a Free license is selected, enables potentially undesirable functionality within an environment that intentionally does not support authentication, which allows remote attackers to (1) read arbitrary files via a management-console session that leverages the ability to create crafted data sources, or (2) execute management commands via an HTTP request.

Action-Not Available
Vendor-n/aSplunk LLC (Cisco Systems, Inc.)
Product-splunkn/a
CWE ID-CWE-287
Improper Authentication
CVE-2015-6280
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-9.3||HIGH
EPSS-1.17% / 77.75%
||
7 Day CHG~0.00%
Published-28 Sep, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SSHv2 functionality in Cisco IOS 15.2, 15.3, 15.4, and 15.5 and IOS XE 3.6E before 3.6.3E, 3.7E before 3.7.1E, 3.10S before 3.10.6S, 3.11S before 3.11.4S, 3.12S before 3.12.3S, 3.13S before 3.13.3S, and 3.14S before 3.14.1S does not properly implement RSA authentication, which allows remote attackers to obtain login access by leveraging knowledge of a username and the associated public key, aka Bug ID CSCus73013.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-iosios_xen/a
CWE ID-CWE-287
Improper Authentication
CVE-2021-36306
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-8.1||HIGH
EPSS-1.72% / 81.65%
||
7 Day CHG~0.00%
Published-20 Nov, 2021 | 01:40
Updated-17 Sep, 2024 | 02:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Networking OS10, versions prior to October 2021 with RESTCONF API enabled, contains an authentication bypass vulnerability. A remote unauthenticated attacker could exploit this vulnerability to gain access and perform actions on the affected system.

Action-Not Available
Vendor-Dell Inc.
Product-networking_os10Networking OS
CWE ID-CWE-287
Improper Authentication
CVE-2014-0769
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.3||HIGH
EPSS-0.33% / 54.81%
||
7 Day CHG~0.00%
Published-25 Apr, 2014 | 01:00
Updated-02 Jul, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Festo CECX-X-(C1/M1) Controller Improper Authentication

The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion do not require authentication for connections to certain TCP ports, which allows remote attackers to (1) modify the configuration via a request to the debug service on port 4000 or (2) delete log entries via a request to the log service on port 4001.

Action-Not Available
Vendor-3s-softwaresoftmotion3dfestoFesto
Product-cecx-x-m1_modular_controllercecx-x-c1_modular_master_controllercodesys_runtime_systemsoftmotionCECX-X-M1 Modular Controller with CoDeSys and SoftMotionCECX-X-C1 Modular Master Controller with CoDeSys
CWE ID-CWE-287
Improper Authentication
CVE-2021-21902
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.5||HIGH
EPSS-0.13% / 33.72%
||
7 Day CHG~0.00%
Published-22 Dec, 2021 | 18:06
Updated-03 Aug, 2024 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An authentication bypass vulnerability exists in the CMA run_server_6877 functionality of Garrett Metal Detectors iC Module CMA Version 5.0. A properly-timed network connection can lead to authentication bypass via session hijacking. An attacker can send a sequence of requests to trigger this vulnerability.

Action-Not Available
Vendor-garrettn/a
Product-ic_module_cmaGarrett Metal Detectors
CWE ID-CWE-303
Incorrect Implementation of Authentication Algorithm
CWE ID-CWE-287
Improper Authentication
CVE-2012-6066
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-73.27% / 98.74%
||
7 Day CHG-4.77%
Published-04 Dec, 2012 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

freeSSHd.exe in freeSSHd through 1.2.6 allows remote attackers to bypass authentication via a crafted session, as demonstrated by an OpenSSH client with modified versions of ssh.c and sshconnect2.c.

Action-Not Available
Vendor-freesshdn/a
Product-freesshdn/a
CWE ID-CWE-287
Improper Authentication
  • Previous
  • 1
  • 2
  • Next
Details not found