CVE-2007-2602

Buffer overflow in MIBEXTRA.EXE in Ipswitch WhatsUp Gold 11 allows attackers to cause a denial of service (application crash) or execute arbitrary code via a long MIB filename argument. NOTE: If there is not a common scenario under which MIBEXTRA.EXE is called with attacker-controlled command line arguments, then perhaps this issue should not be included in CVE.

CVSS v2.0 7.8 HIGH

7.8^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://osvdb.org/36217
http://securityreason.com/securityalert/2708
http://www.securityfocus.com/archive/1/468070/100/0/threaded

Configurations

Configuration 1 (hide)

cpe:2.3:a:progress:whatsup_gold:11:*:*:*:*:*:*:*

History

27 Aug 2024, 17:48

Type	Values Removed	Values Added
CPE	cpe:2.3:a:ipswitch:whatsup_gold:11:::::::*	cpe:2.3:a:progress:whatsup_gold:11:::::::*
First Time		Progress Progress whatsup Gold

Information

Published : 2007-05-11 10:19

Updated : 2024-08-27 17:48

NVD link : CVE-2007-2602

Mitre link : CVE-2007-2602

CVE.ORG link : CVE-2007-2602

JSON object : View

Products Affected

progress

whatsup_gold

CWE

NVD-CWE-Other

{"id": "CVE-2007-2602", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-05-11T10:19:00.000", "references": [{"url": "http://osvdb.org/36217", "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/2708", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/468070/100/0/threaded", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Buffer overflow in MIBEXTRA.EXE in Ipswitch WhatsUp Gold 11 allows attackers to cause a denial of service (application crash) or execute arbitrary code via a long MIB filename argument. NOTE: If there is not a common scenario under which MIBEXTRA.EXE is called with attacker-controlled command line arguments, then perhaps this issue should not be included in CVE."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer en el MIBEXTRA.EXE del Ipswitch WhatsUp Gold 11 permite a los atacantes provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) o ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un argumento de nombre de fichero MIB largo. NOTA: Si no hay un escenario com\u00fan bajo el que el MIBEXTRA.EXE es llamado con un ataque controlado por argumentos de l\u00ednea de comandos, tal vez esta vulnerabilidad no deber\u00eda de incluirse en el CVE."}], "lastModified": "2024-08-27T17:48:24.383", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:progress:whatsup_gold:11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0CB68BF8-899B-4473-A29C-DFADAA70A64B"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}