CVE-2012-5930
Novell NetIQ Privileged User Manager 2.3.1 - 'auth.dll' pa_modify_accounts() Remote Code Execution
Severity Score
6.4
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
3
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The pa_modify_accounts function in auth.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 does not require authentication for the modifyAccounts method, which allows remote attackers to change the passwords of administrative accounts via a crafted application/x-amf request.
La función pa_modify_accounts en auth.dll en unifid.exe en NetIQ Privileged User Manager v2.3.x antes de v2.3.1 HF2 no requiere autenticación para el método modifyAccounts, lo que permite a atacantes remotos cambiar las contraseñas de cuentas administrativas a través de una petición application/x-amf hecha a mano.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2012-11-15 First Exploit
- 2012-11-20 CVE Reserved
- 2012-12-24 CVE Published
- 2024-09-16 CVE Updated
- 2024-09-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-287: Improper Authentication
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://download.novell.com/Download?buildid=K6-PmbPjduA~ | X_refsource_confirm |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/22737 | 2012-11-15 | |
| http://retrogod.altervista.org/9sg_novell_netiq_i.htm | 2024-09-16 | |
| http://retrogod.altervista.org/9sg_novell_netiq_i_adv.htm | 2024-09-16 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.netiq.com/support/kb/doc.php?id=7011385 | 2021-04-13 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microfocus Search vendor "Microfocus" | Privileged User Manager Search vendor "Microfocus" for product "Privileged User Manager" | 2.3.0 Search vendor "Microfocus" for product "Privileged User Manager" and version "2.3.0" | - |
Affected
| ||||||
| Microfocus Search vendor "Microfocus" | Privileged User Manager Search vendor "Microfocus" for product "Privileged User Manager" | 2.3.1 Search vendor "Microfocus" for product "Privileged User Manager" and version "2.3.1" | - |
Affected
| ||||||