Lucene search

MitreCVE-2007-6226

HistoryDec 04, 2007 - 6:46 p.m.

CVE-2007-6226

2007-12-0418:46:00

CWE-287

mitre

web.nvd.nist.gov

american power conversion

apc

ap7932

pdu

authentication bypass

remote attackers

nvd

cve-2007-6226

CVSS2

7.1

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

AI Score

Confidence

Low

EPSS

0.063

Percentile

93.7%

JSON

The American Power Conversion (APC) AP7932 0u 30amp Switched Rack Power Distribution Unit (PDU), with rpdu 3.5.5 and aos 3.5.6, allows remote attackers to bypass authentication and obtain login access by making a login attempt while a different client is logged in, and then resubmitting the login attempt once the other client exits.

Affected configurations

Nvd

Node

apcoasMatch3.5.6

apcswitched_rack_pdu_firmwareMatch3.5.5

VendorProductVersionCPE
apcoas3.5.6cpe:2.3:a:apc:oas:3.5.6:*:*:*:*:*:*:*
apcswitched_rack_pdu_firmware3.5.5cpe:2.3:a:apc:switched_rack_pdu_firmware:3.5.5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apc	oas	3.5.6	cpe:2.3:a:apc:oas:3.5.6:::::::*
apc	switched_rack_pdu_firmware	3.5.5	cpe:2.3:a:apc:switched_rack_pdu_firmware:3.5.5:::::::*

References

securityreason.com/securityalert/3418

securitytracker.com/id?1019018

www.securityfocus.com/archive/1/484363/100/0/threaded

www.securityfocus.com/bid/26636

exchange.xforce.ibmcloud.com/vulnerabilities/38783

CVSS2

7.1

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

AI Score

Confidence

Low

EPSS

0.063

Percentile

93.7%

JSON

Related for CVE-2007-6226