CVE-2008-5158

EPSS 0.64%
Veröffentlicht 18.11.2008 21:30:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Client Software WinCom LPD Total 3.0.2.623 and earlier allows remote attackers to bypass authentication and perform administrative actions via vectors involving "simply skipping the auth stage."

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 10

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Clientsoftware ≫ Wincome Mpd Total Version <= 3.0.2.623

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.64%	0.68

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://aluigi.org/adv/wincomalpd-adv.txt

http://aluigi.org/poc/wincomalpd.zip

http://secunia.com/advisories/28763

Vendor Advisory

http://securityreason.com/securityalert/4610

http://www.securityfocus.com/archive/1/487507/100/200/threaded

http://www.securityfocus.com/bid/27614

http://www.vupen.com/english/advisories/2008/0410

https://nvd.nist.gov/vuln/detail/CVE-2008-5158

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-5158

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-5158

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2008-5158