Weekly Vulnerabilities Reports > January 6 to 12, 2003

Overview

6 new vulnerabilities reported during this period, including 1 critical vulnerabilities and 1 high severity vulnerabilities. This weekly summary report vulnerabilities in 9 products from 2 vendors including Polycom, and BMV. Vulnerabilities are notably categorized as .

  • 5 reported vulnerabilities are remotely exploitables.
  • 6 reported vulnerabilities are exploitable by an anonymous user.
  • Polycom has the most reported vulnerabilities, with 5 reported vulnerabilities.
  • Polycom has the most reported critical vulnerabilities, with 1 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

1 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2003-01-07 CVE-2002-0626 Polycom Unspecified vulnerability in Polycom products

Polycom ViewStation before 7.2.4 has a default null password for the administrator account, which allows arbitrary users to conduct unauthorized activities.

10.0

1 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2003-01-07 CVE-2002-0627 Polycom Directory Traversal vulnerability in Polycom ViewStation Unicode

The Web server for Polycom ViewStation before 7.2.4 allows remote attackers to bypass authentication and read files via Unicode encoded requests.

7.5

4 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2003-01-07 CVE-2002-0630 Polycom Denial Of Service vulnerability in Polycom ViewStation ICMP

The Telnet service for Polycom ViewStation before 7.2.4 allows remote attackers to cause a denial of service (crash) via long or malformed ICMP packets.

5.0
2003-01-07 CVE-2002-0629 Polycom Denial of Service vulnerability in Polycom ViewStation Telnet

The Telnet service for Polycom ViewStation before 7.2.4 allows remote attackers to cause a denial of service (crash) via multiple connections to the server.

5.0
2003-01-07 CVE-2002-0628 Polycom Unspecified vulnerability in Polycom products

The Telnet service for Polycom ViewStation before 7.2.4 does not restrict the number of failed login attempts, which makes it easier for remote attackers to guess usernames and passwords via a brute force attack.

5.0
2003-01-11 CVE-2003-0014 BMV Unspecified vulnerability in BMV 1.2

gsinterf.c in bmv 1.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files.

4.6

0 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS