|
 |
|
Avocent CCM Port Access Control Bypass Vulnerability
|
|
|
|
|
Secunia Advisory:
|
SA16836
|
|
|
Release Date:
|
2005-09-16
|
|
Last Update:
|
2005-09-23
|
|
|
Critical:
|
Less critical
|
|
Impact:
|
Security Bypass
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| OS: | Avocent CCM XX50
|
|
| | CVE reference: | CVE-2005-2984 (Secunia mirror)
|
|
|
Want to know the next time vulnerabilities are fixed in this product?
- Companies can be alerted via email and SMS! |
|
|
Description:
Dirk Wetter has reported a vulnerability in Avocent CCM, which can be exploited by malicious users to bypass certain security restrictions.
The vulnerability is caused due to an error in the "connect" command in restricting access to certain serial ports. This can be exploited by malicious users to bypass port-based access control by directly connecting to the console server via SSH, and then using the "connect" command to access the port.
The vulnerability has been reported in CCM4850 with firmware 2.1.
Solution:
Update to firmware version 2.3.
ftp://ftp.avocent.com/public/product-...00/CCMx50%20Series/CCMx50%27s_AV_2.3/
Provided and/or discovered by:
Dirk Wetter
Changelog:
2005-09-23: Added CVE reference.
Original Advisory:
http://drwetter.org/cs-probs/avocent-sshbug.txt
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
|
|
Secunia PSI
Scan | Patch | Track
Free Download
|
|
|
Secunia Poll
|
|
|
|
|
 |
|
|
Most Popular Advisories
|
|
|
|
|
|
