Vulnerabilities > CVE-2006-2707 - Remote Security vulnerability in Secure Elements Class 5 Enterprise vulnerability Management 2.8.0

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

secure-elements

NVD

Published: 2006-05-31

Updated: 2017-07-20

Summary

Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 does not validate the peer certificate when obtaining an update, which could allow remote attackers to distribute malicious updates to clients. The vulnerabilities and security issues have been fixed in C5 EVM version 2.8.1.

Vulnerable Configurations

Part	Description	Count
Application	Secure_Elements Secure Elements Class 5 Enterprise Vulnerability Management 2.8.0	1

References

http://secunia.com/advisories/20378
http://securitytracker.com/id?1016184
http://www.kb.cert.org/vuls/id/207337
http://www.kb.cert.org/vuls/id/WDON-6QAPAL
http://www.vupen.com/english/advisories/2006/2069
https://exchange.xforce.ibmcloud.com/vulnerabilities/26758