2.4.3Rc1

CVSS 4.6 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

local

low complexity

positive-software

NVD

Published: 2005-05-16

Updated: 2017-07-11

Summary

H-Sphere Winbox 2.4.2 and 2.4.3 RC1 stores sensitive information such as username and password in plaintext in world-readable log files, which allows local users to gain privileges.

Vulnerable Configurations

Part	Description	Count
Application	Positive_Software Positive Software H Sphere Winbox 2.4.2_Patch_4 Positive Software H Sphere Winbox 2.4.3_Rc1	2

References

http://exploitlabs.com/files/advisories/EXPL-A-2005-007-hsphere.txt
http://secunia.com/advisories/15287
http://www.osvdb.org/16239
http://www.psoft.net/misc/hsphere_winbox_security_update_passwd.html
http://www.securityfocus.com/bid/13559
https://exchange.xforce.ibmcloud.com/vulnerabilities/20522