Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-6816

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2008-6816
Last Modified 28 May 2009 12:00:00
Published 28 May 2009 10:30:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-6816

Summary

Eaton MGEOPS Network Shutdown Module before 3.10 Build 13 allows remote attackers to execute arbitrary code by adding a custom action to the MGE frontend via pane_actionbutton.php, and then executing this action via exec_action.php.

Vulnerable Systems


References

XF - mge-paneactionbutton-code-execution(46131)

BID - 31933

BUGTRAQ - 20081027 n.runs-SA-2008.009 - Eaton MGE OPS Network Shutdown Module - authentication bypass vulnerability and remote code execution

MISC - http://www.nruns.com/security_advisory_eaton_mge_ops_network_shutdown_module_authentication_bypass.php

SECUNIA - 32456

OSVDB - 50051

CONFIRM - http://download.mgeops.com/install/win32/nsm/release_note_nsm_320.txt


Last Updated: 27 May 2016 10:49:21