Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2012-6437

Summary
Assigner-icscert
Assigner Org ID-7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
Published At-24 Jan, 2013 | 21:00
Updated At-30 Jun, 2025 | 22:05
Rejected At-
Credits

Rockwell Automation ControlLogix PLC Improper Authentication

The device does not properly authenticate users and the potential exists for a remote user to upload a new firmware image to the Ethernet card, whether it is a corrupt or legitimate firmware image. Successful exploitation of this vulnerability could cause loss of availability, integrity, and confidentiality and a disruption in communications with other connected devices. Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:icscert
Assigner Org ID:7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
Published At:24 Jan, 2013 | 21:00
Updated At:30 Jun, 2025 | 22:05
Rejected At:
▼CVE Numbering Authority (CNA)
Rockwell Automation ControlLogix PLC Improper Authentication

The device does not properly authenticate users and the potential exists for a remote user to upload a new firmware image to the Ethernet card, whether it is a corrupt or legitimate firmware image. Successful exploitation of this vulnerability could cause loss of availability, integrity, and confidentiality and a disruption in communications with other connected devices. Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400

Affected Products
Vendor
Rockwell Automation, Inc.Rockwell Automation
Product
1756-ENBT, 1756-EWEB, 1768-ENBT, 1768-EWEB communication modules
Default Status
unaffected
Versions
Affected
  • All
Vendor
Rockwell Automation, Inc.Rockwell Automation
Product
CompactLogix L32E and L35E controllers
Default Status
unaffected
Versions
Affected
  • All
Vendor
Rockwell Automation, Inc.Rockwell Automation
Product
1788-ENBT FLEXLogix adapter
Default Status
unaffected
Versions
Affected
  • All
Vendor
Rockwell Automation, Inc.Rockwell Automation
Product
1794-AENTR FLEX I/O EtherNet/IP adapter
Default Status
unaffected
Versions
Affected
  • All
Vendor
Rockwell Automation, Inc.Rockwell Automation
Product
ControlLogix, CompactLogix, GuardLogix, and SoftLogix
Default Status
unaffected
Versions
Affected
  • From 0 through 18 (custom)
Vendor
Rockwell Automation, Inc.Rockwell Automation
Product
CompactLogix and SoftLogix controllers
Default Status
unaffected
Versions
Affected
  • From 0 through 19 (custom)
Vendor
Rockwell Automation, Inc.Rockwell Automation
Product
ControlLogix and GuardLogix controllers
Default Status
unaffected
Versions
Affected
  • From 0 through 20 (custom)
Vendor
Rockwell Automation, Inc.Rockwell Automation
Product
MicroLogix
Default Status
unaffected
Versions
Affected
  • 1100
  • 1400
Problem Types
TypeCWE IDDescription
CWECWE-287CWE-287
Type: CWE
CWE ID: CWE-287
Description: CWE-287
Metrics
VersionBase scoreBase severityVector
2.010.0N/A
AV:N/AC:L/Au:N/C:C/I:C/A:C
Version: 2.0
Base score: 10.0
Base severity: N/A
Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

According to Rockwell, any of the above products that become affected by a vulnerability can be reset by rebooting or power cycling the affected product. After the reboot, the affected product may require some reconfiguration. To mitigate the vulnerabilities, Rockwell has developed and released security patches on July 18, 2012, to address each of the issues. To download and install the patches please refer to Rockwell’s Advisories at: https://rockwellautomation.custhelp.com/app/answers/detail/a_id/470154 https://rockwellautomation.custhelp.com/app/answers/detail/aid/470155 https://rockwellautomation.custhelp.com/app/answers/detail/aid/470156 For more information on security with Rockwell Automation products, please refer to Rockwell’s Security Advisory Index http://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102 .

Configurations
Workarounds

Rockwell recommends updating to the newest firmware patches to fix the vulnerabilities, but if not able to do so right away, then Rockwell advises immediately employing the following mitigations for each of the affected products. To mitigate the vulnerability with the Web server password authentication mechanism: * Upgrade the MicroLogix 1400 firmware to FRN 12 or higher. * Because of limitations in the MicroLogix 1100 platform, none of the firmware updates will be able to fix this issue, so users should use the following techniques to help reduce the likelihood of compromise. * Where possible, disable the Web server and change all default Administrator and Guest passwords. * If Web server functionality is needed, then Rockwell recommends upgrading the product’s firmware to the most current version to have the newest enhanced protections available such as: * When a controller receives two consecutive invalid authentication requests from an HTTP client, the controller resets the Authentication Counter after 60 minutes. * When a controller receives 10 invalid authentication requests from any HTTP client, it will not accept any valid or invalid authentication packets until a 24-hour HTTP Server Lock Timer timeout. * If Web server functionality is needed, Rockwell also recommends configuring user accounts to have READ only access to the product so those accounts cannot be used to make configuration change In addition to the above, Rockwell recommends concerned customers remain vigilant and continue to follow security strategies that help reduce risk and enhance overall control system security. Where possible, they suggest you apply multiple recommendations and complement this list with your own best-practices: * Employ layered security and defense-in-depth methods in system design to restrict and control access to individual products and control networks. Refer to http://www.ab.com/networks/architectures.html for comprehensive information about implementing validated architectures designed to deliver these measures. * Restrict physical and electronic access to automation products, networks, and systems to only those individuals authorized to be in contact with control system equipment. * Employ firewalls with ingress/egress filtering, intrusion detection/prevention systems, and validate all configurations. Evaluate firewall configurations to ensure other appropriate inbound and outbound traffic is blocked. * Use up-to-date end-point protection software (e.g., antivirus/antimalware software) on all PC-based assets. * Make sure that software and control system device firmware is patched to current releases. * Periodically change passwords in control system components and infrastructure devices. * Where applicable, set the controller key-switch/mode-switch to RUN mode. For more information on security with Rockwell Automation products, please refer to Rockwell’s Security Advisory Index http://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102 .

Exploits
Credits
finder
Rubén Santamarta of IOActive identified vulnerabilities in Rockwell Automation’s ControlLogix PLC and released proof-of-concept (exploit) code at the Digital Bond S4 Conference on January 19, 2012.
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.cisa.gov/news-events/ics-advisories/icsa-13-011-03
N/A
https://rockwellautomation.custhelp.com/app/answers/detail/a_id/470154
N/A
https://rockwellautomation.custhelp.com/app/answers/detail/aid/470155
N/A
https://rockwellautomation.custhelp.com/app/answers/detail/aid/470156
N/A
http://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102
N/A
Hyperlink: https://www.cisa.gov/news-events/ics-advisories/icsa-13-011-03
Resource: N/A
Hyperlink: https://rockwellautomation.custhelp.com/app/answers/detail/a_id/470154
Resource: N/A
Hyperlink: https://rockwellautomation.custhelp.com/app/answers/detail/aid/470155
Resource: N/A
Hyperlink: https://rockwellautomation.custhelp.com/app/answers/detail/aid/470156
Resource: N/A
Hyperlink: http://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102
Resource: N/A
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf
x_refsource_MISC
x_transferred
Hyperlink: http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:ics-cert@hq.dhs.gov
Published At:24 Jan, 2013 | 21:55
Updated At:30 Jun, 2025 | 22:15

The device does not properly authenticate users and the potential exists for a remote user to upload a new firmware image to the Ethernet card, whether it is a corrupt or legitimate firmware image. Successful exploitation of this vulnerability could cause loss of availability, integrity, and confidentiality and a disruption in communications with other connected devices. Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary2.010.0HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
Primary2.010.0HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
Type: Secondary
Version: 2.0
Base score: 10.0
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 2.0
Base score: 10.0
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
CPE Matches
Rockwell Automation, Inc.
rockwellautomation
>>controllogix_controllers>>Versions up to 20(inclusive)
cpe:2.3:a:rockwellautomation:controllogix_controllers:*:*:*:*:*:*:*:*
Rockwell Automation, Inc.
rockwellautomation
>>guardlogix_controllers>>Versions up to 20(inclusive)
cpe:2.3:a:rockwellautomation:guardlogix_controllers:*:*:*:*:*:*:*:*
Rockwell Automation, Inc.
rockwellautomation
>>micrologix>>Versions up to 1100(inclusive)
cpe:2.3:a:rockwellautomation:micrologix:*:*:*:*:*:*:*:*
Rockwell Automation, Inc.
rockwellautomation
>>micrologix>>Versions up to 1400(inclusive)
cpe:2.3:a:rockwellautomation:micrologix:*:*:*:*:*:*:*:*
Rockwell Automation, Inc.
rockwellautomation
>>softlogix_controllers>>Versions up to 19(inclusive)
cpe:2.3:a:rockwellautomation:softlogix_controllers:*:*:*:*:*:*:*:*
Rockwell Automation, Inc.
rockwellautomation
>>1756-enbt>>-
cpe:2.3:h:rockwellautomation:1756-enbt:-:*:*:*:*:*:*:*
Rockwell Automation, Inc.
rockwellautomation
>>1756-eweb>>-
cpe:2.3:h:rockwellautomation:1756-eweb:-:*:*:*:*:*:*:*
Rockwell Automation, Inc.
rockwellautomation
>>1768-enbt>>-
cpe:2.3:h:rockwellautomation:1768-enbt:-:*:*:*:*:*:*:*
Rockwell Automation, Inc.
rockwellautomation
>>1768-eweb>>-
cpe:2.3:h:rockwellautomation:1768-eweb:-:*:*:*:*:*:*:*
Rockwell Automation, Inc.
rockwellautomation
>>1794-aentr_flex_i\/o_ethernet\/ip_adapter>>-
cpe:2.3:h:rockwellautomation:1794-aentr_flex_i\/o_ethernet\/ip_adapter:-:*:*:*:*:*:*:*
Rockwell Automation, Inc.
rockwellautomation
>>compactlogix>>Versions up to 18(inclusive)
cpe:2.3:h:rockwellautomation:compactlogix:*:*:*:*:*:*:*:*
Rockwell Automation, Inc.
rockwellautomation
>>compactlogix_controllers>>Versions up to 19(inclusive)
cpe:2.3:h:rockwellautomation:compactlogix_controllers:*:*:*:*:*:*:*:*
Rockwell Automation, Inc.
rockwellautomation
>>compactlogix_l32e_controller>>-
cpe:2.3:h:rockwellautomation:compactlogix_l32e_controller:-:*:*:*:*:*:*:*
Rockwell Automation, Inc.
rockwellautomation
>>compactlogix_l35e_controller>>-
cpe:2.3:h:rockwellautomation:compactlogix_l35e_controller:-:*:*:*:*:*:*:*
Rockwell Automation, Inc.
rockwellautomation
>>controllogix>>Versions up to 18(inclusive)
cpe:2.3:h:rockwellautomation:controllogix:*:*:*:*:*:*:*:*
Rockwell Automation, Inc.
rockwellautomation
>>flexlogix_1788-enbt_adapter>>-
cpe:2.3:h:rockwellautomation:flexlogix_1788-enbt_adapter:-:*:*:*:*:*:*:*
Rockwell Automation, Inc.
rockwellautomation
>>guardlogix>>Versions up to 18(inclusive)
cpe:2.3:h:rockwellautomation:guardlogix:*:*:*:*:*:*:*:*
Rockwell Automation, Inc.
rockwellautomation
>>softlogix>>Versions up to 18(inclusive)
cpe:2.3:h:rockwellautomation:softlogix:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-287Primaryics-cert@hq.dhs.gov
CWE-287Secondarynvd@nist.gov
CWE ID: CWE-287
Type: Primary
Source: ics-cert@hq.dhs.gov
CWE ID: CWE-287
Type: Secondary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102ics-cert@hq.dhs.gov
N/A
https://rockwellautomation.custhelp.com/app/answers/detail/a_id/470154ics-cert@hq.dhs.gov
N/A
https://rockwellautomation.custhelp.com/app/answers/detail/aid/470155ics-cert@hq.dhs.gov
N/A
https://rockwellautomation.custhelp.com/app/answers/detail/aid/470156ics-cert@hq.dhs.gov
N/A
https://www.cisa.gov/news-events/ics-advisories/icsa-13-011-03ics-cert@hq.dhs.gov
N/A
http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdfaf854a3a-2127-422b-91ae-364da2661108
US Government Resource
Hyperlink: http://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102
Source: ics-cert@hq.dhs.gov
Resource: N/A
Hyperlink: https://rockwellautomation.custhelp.com/app/answers/detail/a_id/470154
Source: ics-cert@hq.dhs.gov
Resource: N/A
Hyperlink: https://rockwellautomation.custhelp.com/app/answers/detail/aid/470155
Source: ics-cert@hq.dhs.gov
Resource: N/A
Hyperlink: https://rockwellautomation.custhelp.com/app/answers/detail/aid/470156
Source: ics-cert@hq.dhs.gov
Resource: N/A
Hyperlink: https://www.cisa.gov/news-events/ics-advisories/icsa-13-011-03
Source: ics-cert@hq.dhs.gov
Resource: N/A
Hyperlink: http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
US Government Resource

Change History

0
Information is not available yet

Similar CVEs

242Records found
CVE-2013-1080
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-72.92% / 98.72%
||
7 Day CHG~0.00%
Published-29 Mar, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The web server in Novell ZENworks Configuration Management (ZCM) 10.3 and 11.2 before 11.2.4 does not properly perform authentication for zenworks/jsp/index.jsp, which allows remote attackers to conduct directory traversal attacks, and consequently upload and execute arbitrary programs, via a request to TCP port 443.

Action-Not Available
Vendor-n/aNovell
Product-zenworks_configuration_managementn/a
CWE ID-CWE-287
Improper Authentication
CVE-2012-6603
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-1.69% / 81.46%
||
7 Day CHG~0.00%
Published-31 Aug, 2013 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The web management UI in Palo Alto Networks PAN-OS before 3.1.12, 4.0.x before 4.0.10, and 4.1.x before 4.1.4 allows remote attackers to bypass authentication and obtain administrator privileges via unspecified vectors, aka Ref ID 37034.

Action-Not Available
Vendor-n/aPalo Alto Networks, Inc.
Product-pan-osn/a
CWE ID-CWE-287
Improper Authentication
CVE-2012-5864
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.4||HIGH
EPSS-15.43% / 94.38%
||
7 Day CHG~0.00%
Published-23 Nov, 2012 | 11:00
Updated-08 Jul, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sinapsi eSolar Improper Authentication

These Sinapsi devices do not check if users that visit pages within the device have properly authenticated. By directly visiting the pages within the device, attackers can gain unauthorized access with administrative privileges.

Action-Not Available
Vendor-sinapsitechSinapsi
Product-sinapsi_firmwareesolar_duo_photovoltaic_system_monitoresolar_photovoltaic_system_monitoresolar_light_photovoltaic_system_monitoreSolareSolar LighteSolar DUO
CWE ID-CWE-287
Improper Authentication
CVE-2012-4599
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-6.69% / 90.86%
||
7 Day CHG~0.00%
Published-22 Aug, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

McAfee SmartFilter Administration, and SmartFilter Administration Bess Edition, before 4.2.1.01 does not require authentication for access to the JBoss Remote Method Invocation (RMI) interface, which allows remote attackers to execute arbitrary code via a crafted .war file.

Action-Not Available
Vendor-n/aMcAfee, LLC
Product-smartfilter_administrationn/a
CWE ID-CWE-287
Improper Authentication
CVE-2020-11264
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-9.1||CRITICAL
EPSS-0.19% / 41.48%
||
7 Day CHG~0.00%
Published-08 Sep, 2021 | 11:25
Updated-04 Aug, 2024 | 11:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper authentication of Non-EAPOL/WAPI plaintext frames during four-way handshake can lead to arbitrary network packet injection in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwarewcn3991_firmwareqca2066sd678sa6150p_firmwaresm7250sa8145p_firmwareqcs610wsa8830qca1062_firmwareqcs2290_firmwareqca8337sm7250_firmwarecsrb31024mdm9650sd_636csra6620qcs4290wcn3950_firmwaresa8150p_firmwaresd765g_firmwareqca6420_firmwareqca6595au_firmwareqcs2290qca6390_firmwareqca2064_firmwareqca2062qca6174_firmwaresd690_5gsd730_firmwarecsra6620_firmwareqcs605_firmwaresd_675_firmwaresd675_firmwarewcd9370csra6640_firmwareqcs6125_firmwareqca6426qca6584au_firmwarewcn3990_firmwareqca9377sa415mwcn3998sd_8cx_firmwarewcd9385_firmwaresdxr2_5g_firmwarewcn3950wcd9326_firmwaresd720gwcn3615_firmwarewcn3660bwcn3910_firmwareqca2065sd662sd460_firmwareqca1064sa8155qca6574au_firmwaresdx55_firmwarewcn3680b_firmwareqca6595auwcd9375_firmwarewcn3615wcn3998_firmwarewcn3999_firmwareqca6420qca6436_firmwareapq8053_firmwaresdx20mqca6564au_firmwareqca6584ausa6155p_firmwaresd778gwcn3999qrb5165_firmwaresdxr2_5gqcs6125sa8155_firmwaresd662_firmwaresdm630sa415m_firmwareqcs405qca6430sc8280xp_firmwarewcn3988_firmwaresa6145p_firmwaresm6250sd778g_firmwarewcd9340sa8195pwsa8810_firmwaresd765gsd765_firmwareqca6436wcd9326wcd9335sa6155pwcn6851qcs603_firmwareqca6174a_firmwareqcs4290_firmwarewcd9385wcd9341qca2066_firmwareqca6696_firmwareqca2065_firmwaresd750gsd870_firmwareqca1062ar8035qca6390sd_8cxaqt1000apq8064ausa8150psd750g_firmwaresm6250_firmwaremsm8953_firmwarewcd9375wsa8830_firmwaresd855_firmwaresd660sd865_5g_firmwaresdx20_firmwarewcn3988sd888_5g_firmwarewcn6850_firmwaresd660_firmwarewsa8815_firmwarewsa8835_firmwaresa8195p_firmwareqca6564awcn6750_firmwareqcm6125_firmwareqcm2290_firmwarewcn3991qca8337_firmwarewcd9380_firmwarewcn3990sd_675msm8996au_firmwaresd780gsd865_5gqca6564ausdx24sdx55m_firmwarewcn6856_firmwaresd888wsa8835qca6574msm8996ausd665_firmwarewcd9380sd888_5gqcs410qca6574asd690_5g_firmwaresdx50m_firmwarewcn6855_firmwareqca6174asdx24_firmwaresm7325qca6174qca6430_firmwarewcd9335_firmwarewcn3980wcn6750qca6574_firmwareqcs605wcd9340_firmwaresd855wsa8815wcn6850sd665wcn3910mdm9650_firmwareqca6175asd765qca6426_firmwarewcn3660b_firmwareqca6574a_firmwaresd768g_firmwaresd835wcn3980_firmwaresd460qca6391sd730sdx55maqt1000_firmwareqca2062_firmwarewcn6740_firmwaremsm8953sd678_firmwareapq8064au_firmwarear8031_firmwarecsrb31024_firmwareqcm4290sdx50msdx20qrb5165sd480_firmwareqcs603wcn6851_firmwareqca6164_firmwareqca6574ausa8155p_firmwaresd_636_firmwareqca6564a_firmwarewcd9341_firmwareqcm6125qcm4290_firmwaresd480sd870sdx20m_firmwarewcn6855wsa8810qcs610_firmwarewcn6856sa6145pwcn3680bsd835_firmwaresd768gapq8096auar8031qcs405_firmwareqca1064_firmwaresa8145pqca6164qca6696sdm630_firmwareqca6391_firmwarewcn6740qca2064sd780g_firmwaresd845_firmwarewcd9370_firmwaresa6150psd888_firmwaresc8280xpapq8053apq8096au_firmwarecsra6640sa8155psd675sd845sdx55sd720g_firmwareqcs410_firmwareqca6175a_firmwarear8035_firmwareqcm2290sm7325_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
CWE ID-CWE-287
Improper Authentication
CVE-2017-15548
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-9.8||CRITICAL
EPSS-0.23% / 45.50%
||
7 Day CHG~0.00%
Published-05 Jan, 2018 | 17:00
Updated-05 Aug, 2024 | 19:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote unauthenticated malicious user can potentially bypass application authentication and gain unauthorized root access to the affected systems.

Action-Not Available
Vendor-n/aELAN Microelectronics Corporation
Product-integrated_data_protection_applianceavamar_servernetworkerEMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0, EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x, EMC Integrated Data Protection Appliance 2.0
CWE ID-CWE-287
Improper Authentication
CVE-2017-14322
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-18.80% / 95.04%
||
7 Day CHG~0.00%
Published-18 Oct, 2017 | 18:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The function in charge to check whether the user is already logged in init.php in Interspire Email Marketer (IEM) prior to 6.1.6 allows remote attackers to bypass authentication and obtain administrative access by using the IEM_CookieLogin cookie with a specially crafted value.

Action-Not Available
Vendor-interspiren/a
Product-email_marketern/a
CWE ID-CWE-287
Improper Authentication
CVE-2012-2974
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-10||HIGH
EPSS-0.80% / 73.04%
||
7 Day CHG~0.00%
Published-19 Jul, 2012 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The web interface on the SMC SMC8024L2 switch allows remote attackers to bypass authentication and obtain administrative access via a direct request to a .html file under (1) status/, (2) system/, (3) ports/, (4) trunks/, (5) vlans/, (6) qos/, (7) rstp/, (8) dot1x/, (9) security/, (10) igmps/, or (11) snmp/.

Action-Not Available
Vendor-smcn/a
Product-smc8024l2_switchn/a
CWE ID-CWE-287
Improper Authentication
CVE-2012-3002
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-10||HIGH
EPSS-3.08% / 86.23%
||
7 Day CHG~0.00%
Published-21 Dec, 2012 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The web interface on (1) Foscam and (2) Wansview IP cameras allows remote attackers to bypass authentication, and perform administrative functions or read the admin password, via a direct request to an unspecified URL.

Action-Not Available
Vendor-wansviewfoscamn/a
Product-h.264_hi3510\/11\/12_ip_cameran/a
CWE ID-CWE-287
Improper Authentication
CVE-2012-1808
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-10||HIGH
EPSS-0.57% / 67.47%
||
7 Day CHG~0.00%
Published-13 Apr, 2012 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The web server in the ECOM Ethernet module in Koyo H0-ECOM, H0-ECOM100, H2-ECOM, H2-ECOM-F, H2-ECOM100, H4-ECOM, H4-ECOM-F, and H4-ECOM100 does not require authentication, which allows remote attackers to perform unspecified functions via unknown vectors.

Action-Not Available
Vendor-koyon/a
Product-h4-ecomh2-ecom100h0-ecom100h2-ecom-fh2-ecomh4-ecom-fh4-ecom100h0-ecomn/a
CWE ID-CWE-287
Improper Authentication
CVE-2017-13983
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
CVSS Score-9.8||CRITICAL
EPSS-14.92% / 94.28%
||
7 Day CHG~0.00%
Published-29 Sep, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to bypass authentication.

Action-Not Available
Vendor-n/aHP Inc.
Product-bsm_platform_application_performance_management_system_healthn/a
CWE ID-CWE-287
Improper Authentication
CVE-2012-1799
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-10||HIGH
EPSS-1.01% / 76.19%
||
7 Day CHG~0.00%
Published-18 Apr, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The web server on the Siemens Scalance S Security Module firewall S602 V2, S612 V2, and S613 V2 with firmware before 2.3.0.3 does not limit the rate of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack on the administrative password.

Action-Not Available
Vendor-n/aSiemens AG
Product-scalance_s_firmwarescalance_s602scalance_s612scalance_s613n/a
CWE ID-CWE-287
Improper Authentication
CVE-2021-32967
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-0.26% / 49.04%
||
7 Day CHG~0.00%
Published-30 Aug, 2021 | 17:11
Updated-03 Aug, 2024 | 23:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to add a new administrative user without being authenticated or authorized, which may allow the attacker to log in and use the device with administrative privileges.

Action-Not Available
Vendor-n/aDelta Electronics, Inc.
Product-diaenergieDelta Electronics DIAEnergie
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-287
Improper Authentication
CVE-2011-4051
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-10||HIGH
EPSS-74.79% / 98.82%
||
7 Day CHG~0.00%
Published-05 Dec, 2011 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CEServer.exe in the CEServer component in the Remote Agent module in InduSoft Web Studio 6.1 and 7.0 does not require authentication, which allows remote attackers to execute arbitrary code via vectors related to creation of a file, loading a DLL, and process control.

Action-Not Available
Vendor-indusoftn/a
Product-web_studion/a
CWE ID-CWE-287
Improper Authentication
CVE-2011-4214
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-1.53% / 80.55%
||
7 Day CHG~0.00%
Published-01 Nov, 2011 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OneOrZero Action & Information Management System (AIMS) 2.7.0 allows remote attackers to bypass authentication and obtain administrator privileges via a crafted oozimsrememberme cookie.

Action-Not Available
Vendor-oneorzeron/a
Product-aimsn/a
CWE ID-CWE-287
Improper Authentication
CVE-2004-1760
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-6.12% / 90.42%
||
7 Day CHG~0.00%
Published-10 Mar, 2005 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The default installation of Cisco voice products, when running the IBM Director Agent on IBM servers before OS 2000.2.6, does not require authentication, which allows remote attackers to gain administrator privileges by connecting to TCP port 14247.

Action-Not Available
Vendor-n/aIBM CorporationCisco Systems, Inc.
Product-x330conference_connectionx345emergency_respondermcs-7835i-2.4mcs-7815-1000internet_service_nodex342ip_call_center_express_standardip_call_center_express_enhancedpersonal_assistantip_interactive_voice_responsemcs-7815i-2.0call_managerdirector_agentx340mcs-7835i-3.0n/a
CWE ID-CWE-287
Improper Authentication
CVE-2011-3478
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-58.41% / 98.12%
||
7 Day CHG~0.00%
Published-25 Jan, 2012 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The host-services component in Symantec pcAnywhere 12.5.x through 12.5.3, and IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), does not properly filter login and authentication data, which allows remote attackers to execute arbitrary code via a crafted session on TCP port 5631.

Action-Not Available
Vendor-n/aSymantec Corporation
Product-pcanywheren/a
CWE ID-CWE-287
Improper Authentication
CVE-2017-14911
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.96% / 82.75%
||
7 Day CHG~0.00%
Published-30 Mar, 2018 | 15:00
Updated-17 Sep, 2024 | 02:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile, Snapdragon Automobile APQ8096AU, MDM9206, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 625, SD 650/52, SD 820, SD 835, it is possible for the XBL loader to skip the authentication of device config.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9206sd_652sd_425_firmwaresd_212_firmwaresd_625_firmwareapq8096aumsm8996au_firmwaresd_425sd_430_firmwaremdm9206_firmwaresd_430mdm9650sd_625apq8096au_firmwaresd_210sd_820_firmwaremsm8996ausd_820sd_650sd_835_firmwaremdm9650_firmwaresd_212sd_835sd_205sd_210_firmwaresd_652_firmwaresd_205_firmwaresd_650_firmwareSnapdragon IoT, Snapdragon Mobile, Snapdragon Automobile
CWE ID-CWE-287
Improper Authentication
CVE-2017-14002
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-15.38% / 94.37%
||
7 Day CHG~0.00%
Published-20 Mar, 2018 | 16:00
Updated-17 Sep, 2024 | 02:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GE Infinia/Infinia with Hawkeye 4 medical imaging systems all current versions are affected these devices use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devices.

Action-Not Available
Vendor-geGE Healthcare
Product-infinia_hawkeye_4infinia_hawkeye_4_firmwareGE Infinia
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2017-14243
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-60.33% / 98.21%
||
7 Day CHG~0.00%
Published-17 Sep, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An authentication bypass vulnerability on UTStar WA3002G4 ADSL Broadband Modem WA3002G4-0021.01 devices allows attackers to directly access administrative settings and obtain cleartext credentials from HTML source, as demonstrated by info.cgi, upload.cgi, backupsettings.cgi, pppoe.cgi, resetrouter.cgi, and password.cgi.

Action-Not Available
Vendor-utstarn/a
Product-wa3002g4wa3002g4_firmwaren/a
CWE ID-CWE-287
Improper Authentication
CVE-2011-1519
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-14.00% / 94.07%
||
7 Day CHG~0.00%
Published-25 Mar, 2011 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The remote console in the Server Controller in IBM Lotus Domino 7.x and 8.x verifies credentials against a file located at a UNC share pathname specified by the client, which allows remote attackers to bypass authentication, and consequently execute arbitrary code, by placing this pathname in the COOKIEFILE field. NOTE: this might overlap CVE-2011-0920.

Action-Not Available
Vendor-n/aIBM Corporation
Product-lotus_dominon/a
CWE ID-CWE-287
Improper Authentication
CVE-2011-0383
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-10||HIGH
EPSS-4.70% / 88.94%
||
7 Day CHG+1.04%
Published-25 Feb, 2011 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Java Servlet framework on Cisco TelePresence Recording Server devices with software 1.6.x before 1.6.2 and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x does not require administrative authentication for unspecified actions, which allows remote attackers to execute arbitrary code via a crafted request, aka Bug IDs CSCtf42005 and CSCtf42008.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-telepresence_recording_server_softwaretelepresence_recording_servertelepresence_multipoint_switchtelepresence_multipoint_switch_softwaren/a
CWE ID-CWE-287
Improper Authentication
CVE-2016-1279
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.91% / 82.53%
||
7 Day CHG~0.00%
Published-09 Sep, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

J-Web in Juniper Junos OS before 12.1X46-D45, 12.1X46-D50, 12.1X47 before 12.1X47-D35, 12.3 before 12.3R12, 12.3X48 before 12.3X48-D25, 13.3 before 13.3R10, 13.3R9 before 13.3R9-S1, 14.1 before 14.1R7, 14.1X53 before 14.1X53-D35, 14.2 before 14.2R6, 15.1 before 15.1A2 or 15.1F4, 15.1X49 before 15.1X49-D30, and 15.1R before 15.1R3 might allow remote attackers to obtain sensitive information and consequently gain administrative privileges via unspecified vectors.

Action-Not Available
Vendor-n/aJuniper Networks, Inc.
Product-junosn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-287
Improper Authentication
CVE-2002-2397
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.55% / 66.97%
||
7 Day CHG~0.00%
Published-01 Nov, 2007 | 17:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sygate personal firewall 5.0 could allow remote attackers to bypass firewall filters via spoofed (1) source IP address of 127.0.0.1 or (2) network address of 127.0.0.0.

Action-Not Available
Vendor-n/aSymantec Corporation
Product-sygate_personal_firewalln/a
CWE ID-CWE-287
Improper Authentication
CVE-2008-6916
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-3.65% / 87.39%
||
7 Day CHG~0.00%
Published-07 Aug, 2009 | 18:33
Updated-07 Aug, 2024 | 11:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Siemens SpeedStream 5200 with NetPort Software 1.1 allows remote attackers to bypass authentication via an invalid Host header, possibly involving a trailing dot in the hostname.

Action-Not Available
Vendor-john_doen/aSiemens AG
Product-speedstream_5200netport_softwaren/a
CWE ID-CWE-287
Improper Authentication
CVE-2011-0384
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-10||HIGH
EPSS-5.71% / 90.06%
||
7 Day CHG~0.00%
Published-25 Feb, 2011 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Java Servlet framework on Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x does not require administrative authentication for unspecified actions, which allows remote attackers to execute arbitrary code via a crafted request, aka Bug ID CSCtf01253.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-telepresence_multipoint_switchtelepresence_multipoint_switch_softwaren/a
CWE ID-CWE-287
Improper Authentication
CVE-2002-2279
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.71% / 71.24%
||
7 Day CHG~0.00%
Published-18 Oct, 2007 | 10:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the bind function in config.inc of aldap 0.09 allows remote attackers to authenticate with Manager permissions.

Action-Not Available
Vendor-aldapn/a
Product-aldapn/a
CWE ID-CWE-287
Improper Authentication
CVE-2010-4279
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-85.04% / 99.30%
||
7 Day CHG~0.00%
Published-02 Dec, 2010 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The default configuration of Pandora FMS 3.1 and earlier specifies an empty string for the loginhash_pwd field, which allows remote attackers to bypass authentication by sending a request to index.php with "admin" in the loginhash_user parameter, in conjunction with the md5 hash of "admin" in the loginhash_data parameter.

Action-Not Available
Vendor-n/aPandora FMS S.L.U.
Product-pandora_fmsn/a
CWE ID-CWE-287
Improper Authentication
CVE-2013-3268
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.19% / 40.86%
||
7 Day CHG~0.00%
Published-24 Apr, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Novell iManager 2.7 before SP6 Patch 1 does not refresh a token after a logout action, which has unspecified impact and remote attack vectors.

Action-Not Available
Vendor-n/aNovell
Product-imanagern/a
CWE ID-CWE-287
Improper Authentication
CVE-2010-4232
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-6.71% / 90.88%
||
7 Day CHG~0.00%
Published-16 Nov, 2010 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The web-based administration interface on the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 allows remote attackers to bypass authentication via a // (slash slash) at the beginning of a URI, as demonstrated by the //system.html URI.

Action-Not Available
Vendor-camtrontecvozn/a
Product-cmnc-200_firmwarecmnc-200n/a
CWE ID-CWE-287
Improper Authentication
CVE-2017-12478
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-71.00% / 98.64%
||
7 Day CHG~0.00%
Published-07 Aug, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

It was discovered that the api/storage web interface in Unitrends Backup (UB) before 10.0.0 has an issue in which one of its input parameters was not validated. A remote attacker could use this flaw to bypass authentication and execute arbitrary commands with root privilege on the target system.

Action-Not Available
Vendor-kaseyan/a
Product-unitrends_backupn/a
CWE ID-CWE-287
Improper Authentication
CVE-2022-2197
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-0.20% / 42.24%
||
7 Day CHG~0.00%
Published-30 Jun, 2022 | 18:42
Updated-16 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Exemys RME1

By using a specific credential string, an attacker with network access to the device’s web interface could circumvent the authentication scheme and perform administrative operations.

Action-Not Available
Vendor-exemysExemys
Product-rme1_firmwarerme1RME1-AI firmware
CWE ID-CWE-287
Improper Authentication
CVE-2019-6441
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-46.26% / 97.56%
||
7 Day CHG~0.00%
Published-19 Mar, 2019 | 20:08
Updated-04 Aug, 2024 | 20:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Shenzhen Coship RT3050 4.0.0.40, RT3052 4.0.0.48, RT7620 10.0.0.49, WM3300 5.0.0.54, and WM3300 5.0.0.55 devices. The password reset functionality of the router doesn't have backend validation for the current password and doesn't require any type of authentication. By making a POST request to the apply.cgi file of the router, the attacker can change the admin username and password of the router.

Action-Not Available
Vendor-coshipn/a
Product-rt7620rt3050rt3052_firmwarert7620_firmwarert3050_firmwarert3052wm3300_firmwarewm3300n/a
CWE ID-CWE-287
Improper Authentication
CVE-2017-12477
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-74.87% / 98.82%
||
7 Day CHG~0.00%
Published-07 Aug, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

It was discovered that the bpserverd proprietary protocol in Unitrends Backup (UB) before 10.0.0, as invoked through xinetd, has an issue in which its authentication can be bypassed. A remote attacker could use this issue to execute arbitrary commands with root privilege on the target system.

Action-Not Available
Vendor-kaseyan/a
Product-unitrends_backupn/a
CWE ID-CWE-287
Improper Authentication
CVE-2010-0447
Matching Score-4
Assigner-HP Inc.
ShareView Details
Matching Score-4
Assigner-HP Inc.
CVSS Score-10||HIGH
EPSS-6.20% / 90.49%
||
7 Day CHG~0.00%
Published-10 Mar, 2010 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The helpmanager servlet in the web server in HP OpenView Performance Insight (OVPI) 5.4 and earlier does not properly authenticate and validate requests, which allows remote attackers to execute arbitrary commands via vectors involving upload of a JSP document.

Action-Not Available
Vendor-n/aHP Inc.
Product-openview_performance_insightn/a
CWE ID-CWE-287
Improper Authentication
CVE-1999-0987
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-5.51% / 89.86%
||
7 Day CHG~0.00%
Published-04 Jan, 2000 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Windows NT does not properly download a system policy if the domain user logs into the domain with a space at the end of the domain name.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_ntn/a
CWE ID-CWE-287
Improper Authentication
CVE-2008-0823
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.85% / 73.91%
||
7 Day CHG~0.00%
Published-19 Feb, 2008 | 20:00
Updated-07 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Header Image Module before 5.x-1.1 for Drupal allows remote attackers to access the administration pages via unknown attack vectors.

Action-Not Available
Vendor-n/aThe Drupal Association
Product-header_imagen/a
CWE ID-CWE-287
Improper Authentication
CVE-2008-1244
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-5.02% / 89.31%
||
7 Day CHG~0.00%
Published-10 Mar, 2008 | 17:00
Updated-07 Aug, 2024 | 08:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

cgi-bin/setup_dns.exe on the Belkin F5D7230-4 router with firmware 9.01.10 does not require authentication, which allows remote attackers to perform administrative actions, as demonstrated by changing a DNS server via the dns1_1, dns1_2, dns1_3, and dns1_4 parameters. NOTE: it was later reported that F5D7632-4V6 with firmware 6.01.08 is also affected.

Action-Not Available
Vendor-n/aBelkin International, Inc.
Product-f5d7230-4n/a
CWE ID-CWE-287
Improper Authentication
CVE-2008-1154
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-10||HIGH
EPSS-5.57% / 89.91%
||
7 Day CHG~0.00%
Published-04 Apr, 2008 | 19:00
Updated-07 Aug, 2024 | 08:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Disaster Recovery Framework (DRF) master server in Cisco Unified Communications products, including Unified Communications Manager (CUCM) 5.x and 6.x, Unified Presence 1.x and 6.x, Emergency Responder 2.x, and Mobility Manager 2.x, does not require authentication for requests received from the network, which allows remote attackers to execute arbitrary code via unspecified vectors.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-mobility_managerunified_communications_managerunified_presenceemergency_respondern/a
CWE ID-CWE-287
Improper Authentication
CVE-2008-0960
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-10||HIGH
EPSS-36.63% / 97.01%
||
7 Day CHG~0.00%
Published-10 Jun, 2008 | 18:00
Updated-07 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3RC1 and 7.3RC2; (6) SNMP Research before 16.2; (7) multiple Cisco IOS, CatOS, ACE, and Nexus products; (8) Ingate Firewall 3.1.0 and later and SIParator 3.1.0 and later; (9) HP OpenView SNMP Emanate Master Agent 15.x; and possibly other products relies on the client to specify the HMAC length, which makes it easier for remote attackers to bypass SNMP authentication via a length value of 1, which only checks the first byte.

Action-Not Available
Vendor-ingateecos_sourcewaren/aCisco Systems, Inc.Net-SNMPSun Microsystems (Oracle Corporation)Juniper Networks, Inc.
Product-ace_20_service_modulesolarissession_and_resource_controlnet_snmpsunosingate_firewallsrc_peace_xml_gatewayingate_siparatormds_9124mds_9120ace_20_6504_bundle_with__4gbps_throughputmds_9140iosace_10_6504_bundle_with_4_gbps_throughputace_20_6509_bundle_with_8gbps_throughputnx_osecosace_4710cisco_iosace_10_6509_bundle_with_8_gbps_throughputace_10_service_modulemds_9134catosios_xrn/a
CWE ID-CWE-287
Improper Authentication
CVE-2009-2505
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-10||HIGH
EPSS-47.85% / 97.63%
||
7 Day CHG~0.00%
Published-09 Dec, 2009 | 18:00
Updated-07 Aug, 2024 | 05:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Internet Authentication Service (IAS) in Microsoft Windows Vista SP2 and Server 2008 SP2 does not properly validate MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP) authentication requests, which allows remote attackers to execute arbitrary code via crafted structures in a malformed request, aka "Internet Authentication Service Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_server_2008windows_vistan/a
CWE ID-CWE-287
Improper Authentication
CVE-2008-1262
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-19.59% / 95.19%
||
7 Day CHG~0.00%
Published-10 Mar, 2008 | 17:00
Updated-07 Aug, 2024 | 08:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The administration panel on the Airspan WiMax ProST 4.1 antenna with 6.5.38.0 software does not verify authentication credentials, which allows remote attackers to (1) upload malformed firmware or (2) bind the antenna to a different WiMAX base station via unspecified requests to forms under process_adv/.

Action-Not Available
Vendor-n/aAirspan Networks
Product-wimax_prostn/a
CWE ID-CWE-287
Improper Authentication
CVE-2017-12229
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-9.26% / 92.41%
||
7 Day CHG~0.00%
Published-28 Sep, 2017 | 07:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the REST API of the web-based user interface (web UI) of Cisco IOS XE 3.1 through 16.5 could allow an unauthenticated, remote attacker to bypass authentication to the REST API of the web UI of the affected software. The vulnerability is due to insufficient input validation for the REST API of the affected software. An attacker could exploit this vulnerability by sending a malicious API request to an affected device. A successful exploit could allow the attacker to bypass authentication and gain access to the web UI of the affected software. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS XE Software, if the HTTP Server feature is enabled for the device. The newly redesigned, web-based administration UI was introduced in the Denali 16.2 Release of Cisco IOS XE Software. This vulnerability does not affect the web-based administration UI in earlier releases of Cisco IOS XE Software. Cisco Bug IDs: CSCuz46036.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-ios_xeCisco IOS XE
CWE ID-CWE-287
Improper Authentication
CVE-2008-0640
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-3.50% / 87.13%
||
7 Day CHG~0.00%
Published-08 Feb, 2008 | 01:00
Updated-07 Aug, 2024 | 07:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Symantec Ghost Solution Suite 1.1 before 1.1 patch 2, 2.0.0, and 2.0.1 does not authenticate connections between the console and the Ghost Management Agent, which allows remote attackers to execute arbitrary commands via unspecified RPC requests in conjunction with ARP spoofing.

Action-Not Available
Vendor-n/aSymantec Corporation
Product-ghost_solutions_suiten/a
CWE ID-CWE-287
Improper Authentication
CVE-2009-3027
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-43.91% / 97.45%
||
7 Day CHG~0.00%
Published-11 Dec, 2009 | 16:00
Updated-07 Aug, 2024 | 06:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VRTSweb.exe in VRTSweb in Symantec Backup Exec Continuous Protection Server (CPS) 11d, 12.0, and 12.5; Veritas NetBackup Operations Manager (NOM) 6.0 GA through 6.5.5; Veritas Backup Reporter (VBR) 6.0 GA through 6.6; Veritas Storage Foundation (SF) 3.5; Veritas Storage Foundation for Windows High Availability (SFWHA) 4.3MP2, 5.0, 5.0RP1a, 5.0RP2, 5.1, and 5.1AP1; Veritas Storage Foundation for High Availability (SFHA) 3.5; Veritas Storage Foundation for Oracle (SFO) 4.1, 5.0, and 5.0.1; Veritas Storage Foundation for DB2 4.1 and 5.0; Veritas Storage Foundation for Sybase 4.1 and 5.0; Veritas Storage Foundation for Oracle Real Application Cluster (SFRAC) 3.5, 4.0, 4.1, and 5.0; Veritas Storage Foundation Manager (SFM) 1.0, 1.0 MP1, 1.1, 1.1.1Ux, 1.1.1Win, and 2.0; Veritas Cluster Server (VCS) 3.5, 4.0, 4.1, and 5.0; Veritas Cluster Server One (VCSOne) 2.0, 2.0.1, and 2.0.2; Veritas Application Director (VAD) 1.1 and 1.1 Platform Expansion; Veritas Cluster Server Management Console (VCSMC) 5.1, 5.5, and 5.5.1; Veritas Storage Foundation Cluster File System (SFCFS) 3.5, 4.0, 4.1, and 5.0; Veritas Storage Foundation Cluster File System for Oracle RAC (SFCFS RAC) 5.0; Veritas Command Central Storage (CCS) 4.x, 5.0, and 5.1; Veritas Command Central Enterprise Reporter (CC-ER) 5.0 GA, 5.0 MP1, 5.0 MP1RP1, and 5.1; Veritas Command Central Storage Change Manager (CC-SCM) 5.0 and 5.1; and Veritas MicroMeasure 5.0 does not properly validate authentication requests, which allows remote attackers to trigger the unpacking of a WAR archive, and execute arbitrary code in the contained files, via crafted data to TCP port 14300.

Action-Not Available
Vendor-n/aSymantec Corporation
Product-backup_exec_continuous_protection_serververitas_storage_foundation_for_sybaseveritas_netbackup_reporterveritas_storage_foundation_for_oracleveritas_micromeasureveritas_storae_foundationveritas_cluster_serververitas_storage_foundation_for_windows_high_availabilityveritas_command_central_storage_change_managerveritas_backup_execveritas_cluster_server_oneveritas_storage_foundationveritas_command_central_storageveritas_cluster_server_management_consoleveritas_application_directorveritas_command_central_enterprise_reporterveritas_storage_foundation_for_db2veritas_storage_foundation_cluster_file_system_for_oracle_racveritas_netbackup_operations_managerveritas_storage_foundation_managerveritas_storage_foundation_for_oracle_real_application_clusterveritas_storage_foundation_cluster_file_systemveritas_storage_foundation_for_high_availabilityn/a
CWE ID-CWE-287
Improper Authentication
CVE-2021-20020
Matching Score-4
Assigner-SonicWall, Inc.
ShareView Details
Matching Score-4
Assigner-SonicWall, Inc.
CVSS Score-9.8||CRITICAL
EPSS-2.38% / 84.38%
||
7 Day CHG~0.00%
Published-10 Apr, 2021 | 06:50
Updated-03 Aug, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A command execution vulnerability in SonicWall GMS 9.3 allows a remote unauthenticated attacker to locally escalate privilege to root.

Action-Not Available
Vendor-SonicWall Inc.
Product-global_management_systemGlobal Management System (GMS)
CWE ID-CWE-287
Improper Authentication
CVE-2008-0229
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.83% / 73.66%
||
7 Day CHG~0.00%
Published-10 Jan, 2008 | 23:00
Updated-07 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The telnet service in LevelOne WBR-3460 4-Port ADSL 2/2+ Wireless Modem Router with firmware 1.00.11 and 1.00.12 does not require authentication, which allows remote attackers on the local or wireless network to obtain administrative access.

Action-Not Available
Vendor-level_onen/a
Product-wbr-3460an/a
CWE ID-CWE-287
Improper Authentication
CVE-2017-12337
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-12.27% / 93.60%
||
7 Day CHG~0.00%
Published-16 Nov, 2017 | 07:00
Updated-31 Jul, 2025 | 15:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform could allow an unauthenticated, remote attacker to gain unauthorized, elevated access to an affected device. The vulnerability occurs when a refresh upgrade (RU) or Prime Collaboration Deployment (PCD) migration is performed on an affected device. When a refresh upgrade or PCD migration is completed successfully, an engineering flag remains enabled and could allow root access to the device with a known password. If the vulnerable device is subsequently upgraded using the standard upgrade method to an Engineering Special Release, service update, or a new major release of the affected product, this vulnerability is remediated by that action. Note: Engineering Special Releases that are installed as COP files, as opposed to the standard upgrade method, do not remediate this vulnerability. An attacker who can access an affected device over SFTP while it is in a vulnerable state could gain root access to the device. This access could allow the attacker to compromise the affected system completely. Cisco Bug IDs: CSCvg22923, CSCvg55112, CSCvg55128, CSCvg55145, CSCvg58619, CSCvg64453, CSCvg64456, CSCvg64464, CSCvg64475, CSCvg68797.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-mediasenseprime_license_managerunified_communications_managerunified_contact_center_expresshosted_collaboration_solutionunified_intelligence_centeremergency_responderunified_communications_manager_im_and_presence_servicesocialminerfinesseunity_connectionCisco Voice Operating System
CWE ID-CWE-287
Improper Authentication
CVE-2017-10903
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-9.8||CRITICAL
EPSS-4.81% / 89.07%
||
7 Day CHG~0.00%
Published-01 Dec, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper authentication issue in PTW-WMS1 firmware version 2.000.012 allows remote attackers to log in to the device with root privileges and conduct arbitrary operations via unspecified vectors.

Action-Not Available
Vendor-princetonPrinceton Ltd.
Product-ptw-wms1ptw-wms1_firmwarePTW-WMS1
CWE ID-CWE-287
Improper Authentication
CVE-2007-5391
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-4.10% / 88.14%
||
7 Day CHG~0.00%
Published-12 Oct, 2007 | 10:00
Updated-07 Aug, 2024 | 15:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP Select Identity 4.01 through 4.01.010 and 4.10 through 4.13.001 allows remote attackers to obtain unspecified access via unknown vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-select_identityn/a
CWE ID-CWE-287
Improper Authentication
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found