Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 6.5
CVE Id CVE-2008-2139
Last Modified 05 Sep 2008 12:00:00
Published 12 May 2008 01:20:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector ADJACENT_NETWORK
Access Complexity HIGH
Authentication SINGLE_INSTANCE

CVE-2008-2139

Summary

The rootpw plugin in rPath Appliance Platform Agent 2 and 3 does not re-validate requests from a browser with a valid administrator session, including requests to change the password, which makes it easier for physically proximate attackers to gain privileges and maintain control over the administrator account.

Vulnerable Systems


References

XF - rootpw-rpath-appliance-privilege-escalation(42394)

XF - rootpw-rpath-appliance-csrf(42393)

CONFIRM - http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0148


Last Updated: 27 May 2016 10:47:46