Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2707

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2006-2707
Last Modified 07 Mar 2011 09:36:50
Published 31 May 2006 06:02:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-2707

Summary

Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 does not validate the peer certificate when obtaining an update, which could allow remote attackers to distribute malicious updates to clients.

Vulnerable Systems

Application

  • Secure Elements Class 5 Enterprise Vulnerability Management 2.8.0


References

CERT-VN - VU#207337

VUPEN - ADV-2006-2069

CONFIRM - http://www.kb.cert.org/vuls/id/WDON-6QAPAL

SECUNIA - 20378

XF - c5evm-peer-certificate-security-bypass(26758)

SECTRACK - 1016184


Last Updated: 27 May 2016 10:42:44