Weekly Vulnerabilities Reports > January 6 to 12, 2003
Overview
6 new vulnerabilities reported during this period, including 1 critical vulnerabilities and 1 high severity vulnerabilities. This weekly summary report vulnerabilities in 9 products from 2 vendors including Polycom, and BMV. Vulnerabilities are notably categorized as .
- 5 reported vulnerabilities are remotely exploitables.
- 6 reported vulnerabilities are exploitable by an anonymous user.
- Polycom has the most reported vulnerabilities, with 5 reported vulnerabilities.
- Polycom has the most reported critical vulnerabilities, with 1 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
1 Critical Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2003-01-07 | CVE-2002-0626 | Polycom | Unspecified vulnerability in Polycom products Polycom ViewStation before 7.2.4 has a default null password for the administrator account, which allows arbitrary users to conduct unauthorized activities. | 10.0 |
1 High Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2003-01-07 | CVE-2002-0627 | Polycom | Directory Traversal vulnerability in Polycom ViewStation Unicode The Web server for Polycom ViewStation before 7.2.4 allows remote attackers to bypass authentication and read files via Unicode encoded requests. | 7.5 |
4 Medium Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2003-01-07 | CVE-2002-0630 | Polycom | Denial Of Service vulnerability in Polycom ViewStation ICMP The Telnet service for Polycom ViewStation before 7.2.4 allows remote attackers to cause a denial of service (crash) via long or malformed ICMP packets. | 5.0 |
| 2003-01-07 | CVE-2002-0629 | Polycom | Denial of Service vulnerability in Polycom ViewStation Telnet The Telnet service for Polycom ViewStation before 7.2.4 allows remote attackers to cause a denial of service (crash) via multiple connections to the server. | 5.0 |
| 2003-01-07 | CVE-2002-0628 | Polycom | Unspecified vulnerability in Polycom products The Telnet service for Polycom ViewStation before 7.2.4 does not restrict the number of failed login attempts, which makes it easier for remote attackers to guess usernames and passwords via a brute force attack. | 5.0 |
| 2003-01-11 | CVE-2003-0014 | BMV | Unspecified vulnerability in BMV 1.2 gsinterf.c in bmv 1.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files. | 4.6 |
0 Low Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|