CVE-2004-2079

Red-M Red-Alert 2.7.5 with software 3.1 build 24 binds authentication to IP addresses, which allows remote attackers to bypass authentication by connecting from the same IP address as an active authenticated user.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.securityfocus.com/archive/1/353211	Vendor Advisory
http://genhex.org/releases/031003.txt	Vendor Advisory
http://www.securiteam.com/securitynews/5SP0C0KC0A.html	Vendor Advisory
http://www.securityfocus.com/bid/9618	Vendor Advisory
http://securitytracker.com/id?1009001	Exploit Patch Vendor Advisory
http://www.osvdb.org/3952
http://marc.info/?l=full-disclosure&m=107635119005407&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/15088

Configurations

Configuration 1 (hide)

cpe:2.3:h:red-m:red-alert:2.7.5_v3.1_build_24:*:*:*:*:*:*:*

Information

Published : 2004-02-08 21:00

Updated : 2017-07-10 18:31

NVD link : CVE-2004-2079

Mitre link : CVE-2004-2079

JSON object : View

CWE

NVD-CWE-Other

Products Affected

red-m

red-alert

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/archive/1/353211", "name": "20040209 Red-M Red-Alert Multiple Vulnerabilities", "tags": ["Vendor Advisory"], "refsource": "BUGTRAQ"}, {"url": "http://genhex.org/releases/031003.txt", "name": "http://genhex.org/releases/031003.txt", "tags": ["Vendor Advisory"], "refsource": "MISC"}, {"url": "http://www.securiteam.com/securitynews/5SP0C0KC0A.html", "name": "http://www.securiteam.com/securitynews/5SP0C0KC0A.html", "tags": ["Vendor Advisory"], "refsource": "MISC"}, {"url": "http://www.securityfocus.com/bid/9618", "name": "9618", "tags": ["Vendor Advisory"], "refsource": "BID"}, {"url": "http://securitytracker.com/id?1009001", "name": "1009001", "tags": ["Exploit", "Patch", "Vendor Advisory"], "refsource": "SECTRACK"}, {"url": "http://www.osvdb.org/3952", "name": "3952", "tags": [], "refsource": "OSVDB"}, {"url": "http://marc.info/?l=full-disclosure&m=107635119005407&w=2", "name": "20040209 Red-M Red-Alert Multiple Vulnerabilities", "tags": [], "refsource": "FULLDISC"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15088", "name": "redalert-gain-access(15088)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Red-M Red-Alert 2.7.5 with software 3.1 build 24 binds authentication to IP addresses, which allows remote attackers to bypass authentication by connecting from the same IP address as an active authenticated user."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2004-2079", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2004-02-09T05:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:red-m:red-alert:2.7.5_v3.1_build_24:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-11T01:31Z"}

7.5 /10