Vulnerability CVE-2005-3253


Published: 2005-12-16   Modified: 2012-02-12

Description:
Wireless Access Points (AP) for (1) Avaya AP-3 through AP-6 2.5 to 2.5.4, and AP-7/AP-8 2.5 and other versions before 3.1, and (2) Proxim AP-600 and AP-2000 before 2.5.5, and Proxim AP-700 and AP-4000 after 2.4.11 and before 3.1, use a static WEP key of "12345", which allows remote attackers to bypass authentication.

Vendor: Proxim
Product: Ap-4000 
Version: 3.0; 2.4.12;
Product: Ap-700 
Version: 3.0; 2.4.12;
Product: Ap-600 
Version: 2.5.4;
Product: Ap-2000 
Version: 2.5.4;
Vendor: Avaya
Product: Wireless ap-5 
Version: 2.5.4; 2.5;
Product: Wireless ap-6 
Version: 2.5.4; 2.5;
Product: Wireless ap-3 
Version: 2.5.4; 2.5;
Product: Wireless ap-4 
Version: 2.5.4; 2.5;
Product: Wireless ap-8 
Version: 2.5;
Product: Wireless ap-7 
Version: 2.5;

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
http://support.avaya.com/elmodocs2/security/ASA-2005-233.pdf
http://secunia.com/advisories/18047
http://www.vupen.com/english/advisories/2005/2931
http://www.osvdb.org/22091
http://secunia.com/advisories/18057
http://keygen.proxim.com/support/cs/Documents/802.1x_vulnerability.pdf

Related CVE
CVE-2019-7003
A SQL injection vulnerability in the reporting component of Avaya Control Manager could allow an unauthenticated attacker to execute arbitrary SQL commands and retrieve sensitive data related to other users on the system. Affected versions of Avaya C...
CVE-2018-8812
An issue was discovered in Avaya one-X Portal for IP Office 9.1.2.0 and prior. The DownloadToLocalDriveServlet function from the AFA portal is only intended to download backup ZIP files from the server to the operator desktop; however, a malicious us...
CVE-2019-7006
Avaya one-X Communicator uses weak cryptographic algorithms in the client authentication component that could allow a local attacker to decrypt sensitive information. Affected versions include all 6.2.x versions prior to 6.2 SP13.
CVE-2018-15614
A vulnerability in the one-x Portal component of IP Office could allow an authenticated user to perform stored cross site scripting attacks via fields in the Conference Scheduler Service that could affect other application users. Affected versions of...
CVE-2018-15615
A vulnerability in the Supervisor component of Avaya Call Management System allows local administrative user to extract sensitive information from users connecting to a remote CMS host. Affected versions of CMS Supervisor include R17.0.x and R18.0.x.
CVE-2018-15613
A cross-site scripting (XSS) vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could result in malicious content being returned to the user. Affected versions of Avaya Aura Orchestration Designer include all versions ...
CVE-2018-15612
A CSRF vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could allow an attacker to add, change, or remove administrative settings. Affected versions of Avaya Aura Orchestration Designer include all versions up to 7.2...
CVE-2018-15610
A vulnerability in the one-X Portal component of Avaya IP Office allows an authenticated attacker to read and delete arbitrary files on the system. Affected versions of Avaya IP Office include 9.1 through 9.1 SP12, 10.0 through 10.0 SP7, and 10.1 thr...

Copyright 2019, cxsecurity.com

 

Back to Top