Critical

CVE-2002-1629 - Unspecified vulnerability in Multi-Tech Proxyserver

Publication: 2002-12-31

Summary

Multi-Tech ProxyServer products MTPSR1-100, MTPSR1-120, MTPSR1-202ST, MTPSR2-201, and MTPSR3-200 ship with a null password, which allows remote attackers to gain administrative privileges via Telnet or HTTP.

Risk level (CVSS 10)

Critical

10.0

Access Vector

Network
Adjacent Network
Local

Access Complexity

Low
Medium
High

Authentication

None
Single
Multiple

Confident. Impact

Complete
Partial
None

Integrity Impact

Complete
Partial
None

Affected Products

Multi-tech Proxyserver mtpsr1
Multi-tech Proxyserver mtpsr1
Multi-tech Proxyserver mtpsr1
Multi-tech Proxyserver mtpsr2
Multi-tech Proxyserver mtpsr3

References

http://archives.neohapsis.com/archives/bugtraq/2002-12/0105.html
http://www.kb.cert.org/vuls/id/495705
http://www.securityfocus.com/bid/7203
https://exchange.xforce.ibmcloud.com/vulnerabilities/10845