Vulnerability Details : CVE-2013-3005
The TFTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, when RBAC is enabled, allows remote authenticated users to bypass intended file-ownership restrictions, and read or overwrite arbitrary files, via unspecified vectors.
Products affected by CVE-2013-3005
- cpe:2.3:o:ibm:aix:6.1:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:7.1:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:vios:2.2.2.2:fp-26_sp-02:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-3005
0.35%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 68 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-3005
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
8.5
|
HIGH | AV:N/AC:M/Au:S/C:C/I:C/A:C |
6.8
|
10.0
|
NIST |
CWE ids for CVE-2013-3005
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-3005
-
http://www.ibm.com/support/docview.wss?uid=isg1IV42700
IBM IV42700: TFTP CLIENT IS OVER-PRIVILEGED APPLIES TO AIX 7100-01Vendor Advisory
-
http://www.ibm.com/support/docview.wss?uid=isg1IV40221
IBM IV40221: TFTP CLIENT IS OVER-PRIVILEGED APPLIES TO AIX 6100-06Vendor Advisory
-
http://www.ibm.com/support/docview.wss?uid=isg1IV42933
IBM IV42933: TFTP CLIENT IS OVER-PRIVILEGED APPLIES TO AIX 6100-08Vendor Advisory
-
http://aix.software.ibm.com/aix/efixes/security/tftp_advisory.asc
Vendor Advisory
-
http://www.ibm.com/support/docview.wss?uid=isg1IV42935
IBM IV42935: TFTP CLIENT IS OVER-PRIVILEGED APPLIES TO AIX 7100-02Vendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/85366
IBM AIX tftp client file overwrite CVE-2013-3005 Vulnerability Report
-
http://www.ibm.com/support/docview.wss?uid=isg1IV42934
IBM IV42934: TFTP CLIENT IS OVER-PRIVILEGED APPLIES TO AIX 7100-00Vendor Advisory
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19519
Repository / Oval Repository
-
http://www.ibm.com/support/docview.wss?uid=isg1IV42932
IBM IV42932: TFTP CLIENT IS OVER-PRIVILEGED APPLIES TO AIX 6100-07Vendor Advisory
Jump to