Vulnerabilities > CVE-2011-2077 - Configuration vulnerability in Inventivetec Mediacast

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

inventivetec

CWE-16

NVD

Published: 2011-05-10

Updated: 2011-09-22

Summary

The default configuration of the New Atlanta BlueDragon administrative interface in MediaCAST 8 and earlier enables external TCP connections to port 10000, instead of connections only from 127.0.0.1, which makes it easier for remote attackers to have an unspecified impact via a TCP session.

Vulnerable Configurations

Part	Description	Count
Application	Inventivetec Inventivetec Mediacast *	1

Common Weakness Enumeration (CWE)

CWE-16 - Configuration

References

http://securityreason.com/securityalert/8245
http://www.packetninjas.net/storage/advisories/MediaCast-PWDump-FINAL.txt