CVE-2013-1351 : Verax NMS prior to 2.10 allows authentication via the encrypted password without

Verax NMS prior to 2.10 allows authentication via the encrypted password without knowing the cleartext password.

Published 2020-01-30 14:15:11

Updated 2020-02-10 14:48:07

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2013-1351

Veraxsystems » Network Management System
Versions before (<) 2.1.0
cpe:2.3:a:veraxsystems:network_management_system:*:*:*:*:*:*:*:*
Matching versions

EPSS FAQ

0.84%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 73 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.3	MEDIUM	AV:N/AC:M/Au:N/C:P/I:N/A:N	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
5.9	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N	2.2	3.6	NIST
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None

CWE-294 Authentication Bypass by Capture-replay

A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).

Assigned by: nvd@nist.gov (Primary)

https://exchange.xforce.ibmcloud.com/vulnerabilities/82704

Verax NMS information disclosure CVE-2013-1351 Vulnerability Report
Third Party Advisory;VDB Entry
http://www.securityfocus.com/bid/58334

Verax NMS Multiple Security Bypass and Information Disclosure Vulnerabilities
Third Party Advisory;VDB Entry

CVEs referencing this url
https://andrewbrooksblog.wordpress.com/2013/03/03/verax-nms-13-cve-2013-1351/

Verax NMS (1/3) – CVE-2013-1351 | andrew_brooks(blog)
Exploit;Third Party Advisory

Jump to