CVE-2009-2357

The default configuration of TekRADIUS 3.0 uses the sa account to communicate with Microsoft SQL Server, which makes it easier for remote attackers to obtain privileged access to the database and the underlying Windows operating system.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.nth-dimension.org.uk/utils/get.php?downloadsid=56
http://www.securityfocus.com/archive/1/504740/100/0/threaded
http://www.vupen.com/english/advisories/2009/1816
http://www.nth-dimension.org.uk/utils/get.php?downloadsid=56
http://www.securityfocus.com/archive/1/504740/100/0/threaded
http://www.vupen.com/english/advisories/2009/1816

Configurations

Configuration 1 (hide)

cpe:2.3:a:yasinkaplan:tekradius:3.0:*:*:*:*:*:*:*

History

21 Nov 2024, 01:04

Type	Values Removed	Values Added
References	~~() http://www.nth-dimension.org.uk/utils/get.php?downloadsid=56 -~~	() http://www.nth-dimension.org.uk/utils/get.php?downloadsid=56 -
References	~~() http://www.securityfocus.com/archive/1/504740/100/0/threaded -~~	() http://www.securityfocus.com/archive/1/504740/100/0/threaded -
References	~~() http://www.vupen.com/english/advisories/2009/1816 -~~	() http://www.vupen.com/english/advisories/2009/1816 -

Information

Published : 2009-07-07 23:30

Updated : 2024-11-21 01:04

NVD link : CVE-2009-2357

Mitre link : CVE-2009-2357

CVE.ORG link : CVE-2009-2357

JSON object : View

Products Affected

yasinkaplan

tekradius

CWE

CWE-16

Configuration

{"id": "CVE-2009-2357", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2009-07-07T23:30:00.390", "references": [{"url": "http://www.nth-dimension.org.uk/utils/get.php?downloadsid=56", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/504740/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2009/1816", "source": "cve@mitre.org"}, {"url": "http://www.nth-dimension.org.uk/utils/get.php?downloadsid=56", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/504740/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2009/1816", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-16"}]}], "descriptions": [{"lang": "en", "value": "The default configuration of TekRADIUS 3.0 uses the sa account to communicate with Microsoft SQL Server, which makes it easier for remote attackers to obtain privileged access to the database and the underlying Windows operating system."}, {"lang": "es", "value": "La configuraci\u00f3n por defecto de TekRADIUS v3.0 usa la cuenta \"sa\" para comunicarse con Microsoft SQL Server, lo que facilita a atacantes remotos obtener acceso privilegiado a la base de datos y al sistema operativo Windows subyacente."}], "lastModified": "2024-11-21T01:04:41.293", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:yasinkaplan:tekradius:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8072089D-81C9-41A9-AEB3-DEC23DF2A9B5"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}