Lucene search

MitreCVE-2006-2707

HistoryMay 31, 2006 - 10:02 p.m.

CVE-2006-2707

2006-05-3122:02:00

mitre

web.nvd.nist.gov

secure elements

class 5

avr server

c5 evm

update validation

remote attackers

cve-2006-2707

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.7

Confidence

High

EPSS

0.019

Percentile

88.6%

JSON

Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 does not validate the peer certificate when obtaining an update, which could allow remote attackers to distribute malicious updates to clients.

Affected configurations

Nvd

Node

secure_elementsclass_5_enterprise_vulnerability_managementMatch2.8.0

VendorProductVersionCPE
secure_elementsclass_5_enterprise_vulnerability_management2.8.0cpe:2.3:a:secure_elements:class_5_enterprise_vulnerability_management:2.8.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
secure_elements	class_5_enterprise_vulnerability_management	2.8.0	cpe:2.3:a:secure_elements:class_5_enterprise_vulnerability_management:2.8.0:::::::*

References

secunia.com/advisories/20378

securitytracker.com/id?1016184

www.kb.cert.org/vuls/id/207337

www.kb.cert.org/vuls/id/WDON-6QAPAL

www.vupen.com/english/advisories/2006/2069

exchange.xforce.ibmcloud.com/vulnerabilities/26758

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.7

Confidence

High

EPSS

0.019

Percentile

88.6%

JSON

Related for CVE-2006-2707