Weekly Vulnerabilities Reports > January 6 to 12, 2003

Overview

2 new vulnerabilities reported during this period, including 0 critical vulnerabilities and 1 high severity vulnerabilities. This weekly summary report vulnerabilities in 9 products from 2 vendors including Polycom, and BMV. Vulnerabilities are notably categorized as and "Improper Restriction of Excessive Authentication Attempts".

  • 1 reported vulnerabilities are remotely exploitables.
  • 2 reported vulnerabilities are exploitable by an anonymous user.
  • Polycom has the most reported vulnerabilities, with 1 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

0 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS

1 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2003-01-07 CVE-2002-0628 Polycom Improper Restriction of Excessive Authentication Attempts vulnerability in Polycom products

The Telnet service for Polycom ViewStation before 7.2.4 does not restrict the number of failed login attempts, which makes it easier for remote attackers to guess usernames and passwords via a brute force attack.

7.5

1 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2003-01-11 CVE-2003-0014 BMV Unspecified vulnerability in BMV 1.2

gsinterf.c in bmv 1.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files.

4.6

0 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS