CVE-2006-0993
TippingPoint SMS Server Authentication Bypass Vulnerability
Severity Score
5.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The web management interface in 3Com TippingPoint SMS Server before 2.2.1.4478 does not restrict access to certain directories, which might allow remote attackers to obtain potentially sensitive information such as configuration settings.
This vulnerability may allow attackers to access sensitive information from vulnerable TippingPoint SMS servers.
The specific flaw exists within the web management interface. Due to insufficient protections on specific directories, an attacker with access to the web interface may be able to view benign data such as the user manual. In the event that the device was being used for backup purposes, it may be possible for an attacker to identify additional information such as configuration settings.
*Credits:
Micheal Cottingham
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2006-03-03 CVE Reserved
- 2006-05-09 CVE Published
- 2023-07-05 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (10)
| URL | Tag | Source |
|---|---|---|
| http://secunia.com/advisories/20058 | Third Party Advisory | |
| http://securityreason.com/securityalert/870 | Third Party Advisory | |
| http://securitytracker.com/id?1016051 | Vdb Entry | |
| http://www.3com.com/securityalert/alerts/3COM-06-002.html | X_refsource_confirm | |
| http://www.osvdb.org/25360 | Vdb Entry | |
| http://www.securityfocus.com/archive/1/433432/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/17935 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2006/1752 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/26338 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.zerodayinitiative.com/advisories/ZDI-06-013.html | 2018-10-18 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| 3com Search vendor "3com" | Tippingpoint Sms Server Search vendor "3com" for product "Tippingpoint Sms Server" | <= 2.2.1.4477 Search vendor "3com" for product "Tippingpoint Sms Server" and version " <= 2.2.1.4477" | - |
Affected
| ||||||