Vulnerabilities > CVE-2005-4197 - Unspecified vulnerability in Nortel SSL VPN 4.1.2.11/4.1.2.12

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
nortel
exploit available
NVD
Published: 2005-12-13
Updated: 2018-10-19

Summary

tunnelform.yaws in Nortel SSL VPN 4.2.1.6 allows remote attackers to execute arbitrary commands via a link in the a parameter, which is executed with extra privileges in a cryptographically signed Java Applet.

Vulnerable Configurations

Part Description Count
Application
Nortel
3

Exploit-Db

descriptionNortel SSL VPN 4.2.1 .6 Web Interface Input Validation Vulnerability. CVE-2005-4197. Webapps exploit for cgi platform
idEDB-ID:26771
last seen2016-02-03
modified2005-12-08
published2005-12-08
reporterDaniel Fabian
sourcehttps://www.exploit-db.com/download/26771/
titleNortel SSL VPN 4.2.1.6 - Web Interface Input Validation Vulnerability

References