Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0480

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2002-0480
Last Modified 10 Sep 2008 03:12:21
Published 12 Aug 2002 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-0480

Summary

ISS RealSecure for Nokia devices before IPSO build 6.0.2001.141d is configured to allow a user "skank" on a machine "starscream" to become a key manager when the "first time connection" feature is enabled and before any legitimate administrators have connected, which could allow remote attackers to gain access to the device during installation.

Vulnerable Systems

Application

  • Iss Realsecure Nokia 6.0


References

BUGTRAQ - 20020322 RE: NMRC Advisory: RealSecure KeyManager Issue - Further Explanation

BUGTRAQ - 20020320 NMRC Advisory - KeyManager Issue in ISS RealSecure on Nokia Appliances

BID - 4331

BUGTRAQ - 20020321 RE: [VulnWatch] NMRC Advisory - KeyManager Issue in ISS RealSecure on Nokia Appliances


Last Updated: 27 May 2016 10:36:56