Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-6487

Overview

Vulnerability Score 4.9 4.9
CVE Id CVE-2007-6487
Last Modified 15 Nov 2008 02:04:47
Published 20 Dec 2007 03:46:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2007-6487

Summary

Unspecified vulnerability in Plain Black WebGUI 7.4.0 through 7.4.17 allows remote authenticated users with Secondary Admin privileges to create Admin accounts, a different vulnerability than CVE-2006-0680.

Vulnerable Systems

Application

  • Plain Black Webgui 7.4.0

  • Plain Black Webgui 7.4.1

  • Plain Black Webgui 7.4.10

  • Plain Black Webgui 7.4.11

  • Plain Black Webgui 7.4.12

  • Plain Black Webgui 7.4.13

  • Plain Black Webgui 7.4.14

  • Plain Black Webgui 7.4.15

  • Plain Black Webgui 7.4.16

  • Plain Black Webgui 7.4.17

  • Plain Black Webgui 7.4.2

  • Plain Black Webgui 7.4.3

  • Plain Black Webgui 7.4.4

  • Plain Black Webgui 7.4.5

  • Plain Black Webgui 7.4.6

  • Plain Black Webgui 7.4.7

  • Plain Black Webgui 7.4.8

  • Plain Black Webgui 7.4.9


References

XF - webgui-admin-security-bypass(39041)

CONFIRM - http://www.plainblack.com/getwebgui/advisories/webgui-7_4_18-stable-released/

CONFIRM - http://www.plainblack.com/bugs/tracker/secondary-admin-can-create-user-with-admin-privilege

SECUNIA - 28059

OSVDB - 42632


Last Updated: 27 May 2016 10:46:31