Vulnerability Details : CVE-2006-3425
FastPatch for (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1, and (b) Novell ZENworks 6.2 SR1 and earlier, does not require authentication for dagent/proxyreg.asp, which allows remote attackers to list, add, or delete PatchLink Distribution Point (PDP) proxy servers via modified (1) List, (2) Proxy, or (3) Delete parameters.
Products affected by CVE-2006-3425
- cpe:2.3:a:novell:zenworks:*:sr1:*:*:*:*:*:*
- cpe:2.3:a:lumension:patchlink_update_server:6.2.0.189:*:*:*:*:*:*:*
- cpe:2.3:a:lumension:patchlink_update_server:6.1:*:*:*:*:*:*:*
- cpe:2.3:a:lumension:patchlink_update_server:6.2.0.181:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-3425
- EPSS score: 2.96% (probability of exploitation activity in the next 30 days)
- Percentile: ~90% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2006-3425
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
References for CVE-2006-3425
- http://www.vupen.com/english/advisories/2006/2596
- http://www.vupen.com/english/advisories/2006/2595
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047495.html
- http://securitytracker.com/id?1016405 (Patch)
- http://www.securityfocus.com/archive/1/438710/100/0/threaded
- http://securityreason.com/securityalert/1200
- http://www.securityfocus.com/bid/18723