CVE-2013-6765
OpenVAS Manager 4.0 - Authentication Bypass
Public Exploits: 1
Exploited in Wild: -
Descriptions
OpenVAS Manager 3.0 before 3.0.7 and 4.0 before 4.0.4 allows remote attackers to bypass the OMP authentication restrictions and execute OMP commands via a crafted OMP request for version information, which causes the state to be set to CLIENT_AUTHENTIC, as demonstrated by the omp_xml_handle_end_element function in omp.c.
OpenVAS Manager and OpenVAS Administrator are vulnerable to authentication bypass due to an incorrect state assignment when processing OMP and OAP requests. This vulnerability may allow unauthorised access to OpenVAS Manager and OpenVAS Administrator on vulnerable systems.
Timeline
- 2013-11-09 CVE Reserved
- 2013-11-15 CVE Published
- 2014-07-21 First Exploit
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-287: Improper Authentication
References (4)
URL | Tag | Source |
---|---|---|
http://www.openvas.org/OVSA20131108.html | X_refsource_confirm | |
http://www.openwall.com/lists/oss-security/2013/11/10/2 | Mailing List | |

URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/34026 | 2014-07-21 | |

URL | Date | SRC |
---|---|---|
http://lists.wald.intevation.org/pipermail/openvas-announce/2013-November/000157.html | 2014-05-19 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Openvas | Openvas Manager | 4.0 | beta1 | Affected |
Openvas | Openvas Manager | 4.0 | beta2 | Affected |
Openvas | Openvas Manager | 4.0 | beta3 | Affected |
Openvas | Openvas Manager | 4.0 | beta4 | Affected |
Openvas | Openvas Manager | 4.0 | beta5 | Affected |
Openvas | Openvas Manager | 4.0 | rc1 | Affected |
Openvas | Openvas Manager | 4.0.0 | - | Affected |
Openvas | Openvas Manager | 4.0.1 | - | Affected |
Openvas | Openvas Manager | 4.0.2 | - | Affected |
Openvas | Openvas Manager | 4.0.3 | - | Affected |
Openvas | Openvas Manager | 3.0 | beta1 | Affected |
Openvas | Openvas Manager | 3.0 | beta2 | Affected |
Openvas | Openvas Manager | 3.0 | beta3 | Affected |
Openvas | Openvas Manager | 3.0 | beta4 | Affected |
Openvas | Openvas Manager | 3.0 | beta5 | Affected |
Openvas | Openvas Manager | 3.0 | beta6 | Affected |
Openvas | Openvas Manager | 3.0 | beta7 | Affected |
Openvas | Openvas Manager | 3.0 | beta8 | Affected |
Openvas | Openvas Manager | 3.0 | rc1 | Affected |
Openvas | Openvas Manager | 3.0.0 | - | Affected |
Openvas | Openvas Manager | 3.0.1 | - | Affected |
Openvas | Openvas Manager | 3.0.2 | - | Affected |
Openvas | Openvas Manager | 3.0.3 | - | Affected |
Openvas | Openvas Manager | 3.0.4 | - | Affected |
Openvas | Openvas Manager | 3.0.5 | - | Affected |
Openvas | Openvas Manager | 3.0.6 | - | Affected |