Vulnerabilities > CVE-2004-2079 - Remote vulnerability in Red-M Red-Alert 2.7.5V3.1Build24

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

red-m

NVD

Published: 2004-02-09

Updated: 2017-07-11

Summary

Red-M Red-Alert 2.7.5 with software 3.1 build 24 binds authentication to IP addresses, which allows remote attackers to bypass authentication by connecting from the same IP address as an active authenticated user.

Vulnerable Configurations

Part	Description	Count
Hardware	Red-M RED M RED Alert 2.7.5_V3.1_Build_24	1

References

http://genhex.org/releases/031003.txt
http://marc.info/?l=full-disclosure&m=107635119005407&w=2
http://securitytracker.com/id?1009001
http://www.osvdb.org/3952
http://www.securiteam.com/securitynews/5SP0C0KC0A.html
http://www.securityfocus.com/archive/1/353211
http://www.securityfocus.com/bid/9618
https://exchange.xforce.ibmcloud.com/vulnerabilities/15088