Vulnerabilities > CVE-2006-2531 - Authentication Bypass vulnerability in Ipswitch Whatsup Professional2006

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
ipswitch
nessus
exploit available

Summary

Ipswitch WhatsUp Professional 2006 only verifies the user's identity via HTTP headers, which allows remote attackers to spoof being a trusted console and bypass authentication by setting HTTP User-Agent header to "Ipswitch/1.0" and the User-Application header to "NmConsole".

Vulnerable Configurations

Part Description Count
Application
Ipswitch
1

Exploit-Db

descriptionIpswitch WhatsUp Professional 2006 Authentication Bypass Vulnerability. CVE-2006-2531. Remote exploit for hardware platform
idEDB-ID:27891
last seen2016-02-03
modified2006-05-17
published2006-05-17
reporterKenneth F. Belva
sourcehttps://www.exploit-db.com/download/27891/
titleIpswitch WhatsUp Professional 2006 - Authentication Bypass Vulnerability

Nessus

NASL familyCGI abuses
NASL idIPSWITCH_WHATSUP_AUTH_BYPASS.NASL
descriptionThe remote host is running Ipswitch WhatsUp Professional, which is used to monitor states of applications, services and hosts. The version of WhatsUp Professional installed on the remote host allows an attacker to bypass authentication with a specially crafted request.
last seen2020-06-01
modified2020-06-02
plugin id21572
published2006-05-18
reporterThis script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/21572
titleIpswitch WhatsUp Professional Crafted Header Authentication Bypass