CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score confidence: High

EPSS percentile: 56.0%

AS/400 Telnet 5250 terminal emulation clients, as implemented by (1) IBM client access, (2) Bosanova, (3) PowerTerm, (4) Mochasoft, and possibly other emulations, allow malicious AS/400 servers to execute arbitrary commands via a STRPCO (Start PC Organizer) command followed by STRPCCMD (Start PC command), as demonstrated by creating a backdoor account using REXEC.

Vendor | Product | Version | CPE |
---|---|---|---|
bosanova | launcher400 | * | cpe:2.3:a:bosanova:launcher400:*:*:*:*:*:*:*:* |
ibm | client_access | * | cpe:2.3:a:ibm:client_access:*:*:*:*:*:*:*:* |
mochasoft | tn5250 | * | cpe:2.3:a:mochasoft:tn5250:*:*:*:*:*:*:*:* |
powerterm | interconnect | * | cpe:2.3:a:powerterm:interconnect:*:*:*:*:*:*:*:* |