CVE ID | |
CVSS SCORE | |
AFFECTED VENDORS |
3Com TippingPoint, Juniper |
AFFECTED PRODUCTS |
TippingPoint IPS, ScreenOS |
VULNERABILITY DETAILS |
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of TippingPoint IPS and Juniper ScreenOS. Authentication is required to exploit this vulnerability. The specific flaw exists in the web-based administrative console of the affected devices. The console does not present unprivileged users who have read-only permissions with restricted functionality such as the ability to modify users, modify the device configuration or reboot the device. However, the back end performs no check to prevent unprivileged users from accessing these resources. By manually generating requests to administrative components, privilege restrictions are easily bypassed. |
ADDITIONAL DETAILS |
This issue has been addressed in TippingPoint IPS version 2.5.1.6826, released on April 2nd, 2007. Customers can obtain the update through the SMS device or by visiting http://tmc.tippingpoint.com. This issue has been addressed in ScreenOS versions 6.0 and 5.4R4, released in April of 2007. |
DISCLOSURE TIMELINE |
|
CREDIT | Anonymous |
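
The flaw described under VULNERABILITY DETAILS is a front end that hides restricted functions with no matching authorization check on the back end. The following is an added example, not code from the advisory or from either vendor: it contrasts that pattern with a deny-by-default back-end check and adds a regression check for it. All route names, roles and handlers are hypothetical.

```python
from enum import IntEnum

class Role(IntEnum):
    READ_ONLY = 1
    ADMIN = 2

# Hypothetical routes: minimum role each back-end action requires.
REQUIRED_ROLE = {
    "/status": Role.READ_ONLY,
    "/users/modify": Role.ADMIN,
    "/config/save": Role.ADMIN,
    "/reboot": Role.ADMIN,
}

# Stand-in handlers that only report which action ran.
HANDLERS = {path: (lambda p=path: f"executed {p}") for path in REQUIRED_ROLE}

def menu_for(role):
    """Front-end filtering: hides links, but is not an access control."""
    return sorted(p for p, need in REQUIRED_ROLE.items() if role >= need)

def dispatch_ui_only(role, path):
    """Flawed pattern: any authenticated request is served, role is ignored."""
    handler = HANDLERS.get(path)
    return (200, handler()) if handler else (404, "not found")

def dispatch_enforced(role, path):
    """Hardened pattern: authorize on the back end, deny anything unmapped."""
    need = REQUIRED_ROLE.get(path)
    if need is None:
        return (404, "not found")
    if role < need:
        return (403, "forbidden")
    return (200, HANDLERS[path]())

def unauthorized_reachable(dispatch, role):
    """Regression check: paths served to `role` that its menu never offers."""
    offered = set(menu_for(role))
    return sorted(p for p in HANDLERS
                  if p not in offered and dispatch(role, p)[0] == 200)

if __name__ == "__main__":
    for d in (dispatch_ui_only, dispatch_enforced):
        print(d.__name__, unauthorized_reachable(d, Role.READ_ONLY))
```

Running a check like `unauthorized_reachable` for every non-administrative role in a test suite catches routes that are hidden in the interface but still served by the back end.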