CVE-2013-6766

{"id": "CVE-2013-6766", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-05-19T14:55:09.533", "references": [{"url": "http://lists.wald.intevation.org/pipermail/openvas-announce/2013-November/000157.html", "source": "cve@mitre.org"}, {"url": "http://www.openvas.org/OVSA20131108.html", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.openwall.com/lists/oss-security/2013/11/10/2", "source": "cve@mitre.org"}, {"url": "http://lists.wald.intevation.org/pipermail/openvas-announce/2013-November/000157.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.openvas.org/OVSA20131108.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.openwall.com/lists/oss-security/2013/11/10/2", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "OpenVAS Administrator 1.2 before 1.2.2 and 1.3 before 1.3.2 allows remote attackers to bypass the OAP authentication restrictions and execute OAP commands via a crafted OAP request for version information, which causes the state to be set to CLIENT_AUTHENTIC."}, {"lang": "es", "value": "OpenVAS Administrator 1.2 anterior a 1.2.2 y 1.3 anterior a 1.3.2 permite a atacantes remotos evadir las restricciones de autenticaci\u00f3n OAP y ejecutar comandos OAP a trav\u00e9s de una solicitud OAP manipulada para informaci\u00f3n de versi\u00f3n, lo que causa que el estado se configure como CLIENT_AUTHENTIC."}], "lastModified": "2024-11-21T01:59:40.267", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:openvas:openvas_administrator:1.2:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B5A359E0-1E06-4691-9E7B-D5A6E15B84F6"}, {"criteria": "cpe:2.3:a:openvas:openvas_administrator:1.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "51E43D7F-E3BB-4557-B407-28525160D5D6"}, {"criteria": "cpe:2.3:a:openvas:openvas_administrator:1.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "06EABC14-4312-4AD9-9AE8-9576DD69C16A"}, {"criteria": "cpe:2.3:a:openvas:openvas_administrator:1.3:beta1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C7CD897C-4DF6-4F08-A33F-2C210B7D74D6"}, {"criteria": "cpe:2.3:a:openvas:openvas_administrator:1.3:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8351F68D-F762-4872-9A20-ABB7D2F4CCE0"}, {"criteria": "cpe:2.3:a:openvas:openvas_administrator:1.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BCBD7C05-AD08-40D7-9B65-6498CCE114B5"}, {"criteria": "cpe:2.3:a:openvas:openvas_administrator:1.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E7EF8F86-58FA-4633-99EF-B5E6A24896B3"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}