The agent in Bradford Network Sentry before 5.3.3 does not require authentication for messages, which allows remote attackers to trigger the display of arbitrary text on a workstation via a crafted packet to UDP port 4567, as demonstrated by a replay attack.
References
Link | Resource |
---|---|
https://na3.salesforce.com/sfc/#version?id=06850000000JDx3 | |
http://www.kb.cert.org/vuls/id/709939 | US Government Resource |
http://www.kb.cert.org/vuls/id/MAPG-8TJKAF |
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2012-06-13 08:55
Updated : 2012-06-13 08:55
NVD link : CVE-2012-2606
Mitre link : CVE-2012-2606
JSON object : View
CWE
CWE-287
Improper Authentication
Products Affected
bradfordnetworks
- network_sentry_appliance
- network_sentry_appliance_software