Vulnerability Details : CVE-2004-2079
Red-M Red-Alert 2.7.5 with software 3.1 build 24 binds authentication to IP addresses, which allows remote attackers to bypass authentication by connecting from the same IP address as an active authenticated user.
Products affected by CVE-2004-2079
- cpe:2.3:h:red-m:red-alert:2.7.5_v3.1_build_24:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2004-2079
0.78%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 81 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2004-2079
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
References for CVE-2004-2079
-
http://genhex.org/releases/031003.txt
Vendor Advisory
-
http://marc.info/?l=full-disclosure&m=107635119005407&w=2
-
http://www.securiteam.com/securitynews/5SP0C0KC0A.html
Vendor Advisory
-
http://www.securityfocus.com/archive/1/353211
Vendor Advisory
-
http://securitytracker.com/id?1009001
Exploit;Patch;Vendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/15088
-
http://www.securityfocus.com/bid/9618
Vendor Advisory
Jump to