Vulnerabilities > CVE-2006-2708 - Remote Security vulnerability in Secure Elements Class 5 Enterprise vulnerability Management 2.8.0

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
secure-elements

Summary

Secure Elements Class 5 AVR client (aka C5 EVM) before 2.8.1 allows remote attackers to read portions of process memory via a modified size for (1) EM_GET_CE_PARAMETER and (2) EM_SET_CE_PARAMETER messages, which leads to a buffer overflow (probably an over-read). Upgrade to version 2.8.1

Vulnerable Configurations

Part Description Count
Application
Secure_Elements
1