Vulnerability CVE-2007-6226


Published: 2007-12-04   Modified: 2012-02-12

Description:
The American Power Conversion (APC) AP7932 0u 30amp Switched Rack Power Distribution Unit (PDU), with rpdu 3.5.5 and aos 3.5.6, allows remote attackers to bypass authentication and obtain login access by making a login attempt while a different client is logged in, and then resubmitting the login attempt once the other client exits.

See advisories in our WLB2 database:
Topic: Med. APC Management Vulnerability
Author: Gary Simat &...
Date: 06.12.2007

Type: CWE-287 (Improper Authentication)

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:N/A:C)

CVSS Base Score: 7.1/10
Impact Subscore: 6.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: None
Integrity impact: None
Availability impact: Complete

Affected software:
APC -> OAS
APC -> Switched rack pdu firmware

References:
http://securityreason.com/securityalert/3418
http://securitytracker.com/id?1019018
http://www.securityfocus.com/archive/1/484363/100/0/threaded
http://www.securityfocus.com/bid/26636
https://exchange.xforce.ibmcloud.com/vulnerabilities/38783

Copyright 2024, cxsecurity.com

 
