Vulnerabilities > CVE-2006-0230 - Remote vulnerability in Symantec Antivirus Scan Engine 5.0.0.24
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, uses a client-side check to verify a password, which allows remote attackers to gain administrator privileges via a modified client that sends certain XML requests.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | Symantec Scan Engine 5.0.x.x Change Admin Password Remote Exploit. CVE-2006-0230. Remote exploit for windows platform |
id | EDB-ID:1703 |
last seen | 2016-01-31 |
modified | 2006-04-21 |
published | 2006-04-21 |
reporter | Marc Bevand |
source | https://www.exploit-db.com/download/1703/ |
title | Symantec Scan Engine 5.0.x.x Change Admin Password Remote Exploit |
Nessus
NASL family | CGI abuses |
NASL id | SYMANTEC_SCAN_ENGINE_MULTIPLE.NASL |
description | The remote host appears to be running Symantec Scan Engine. This version of Scan Engine is vulnerable to several flaws that could allow a remote attacker to take control of the scan engine. The following flaws are present: - Fixed HTTPS certificate key - Configuration file retrieval (with administrator password hash) - Possibility to change the administrator password |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 21271 |
published | 2006-04-24 |
reporter | This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/21271 |
title | Symantec AntiVirus Scan Engine Web Interface Multiple Remote Vulnerabilities |
code |
|
References
- http://archives.neohapsis.com/archives/vulnwatch/2006-q2/0010.html
- http://secunia.com/advisories/19734
- http://www.kb.cert.org/vuls/id/118388
- http://www.securityfocus.com/archive/1/431724/100/0/threaded
- http://www.securityfocus.com/archive/1/431734/100/0/threaded
- http://www.securityfocus.com/bid/17637
- http://www.symantec.com/avcenter/security/Content/2006.04.21.html
- http://www.vupen.com/english/advisories/2006/1464
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25972