HP OpenView Client Configuration Manager Remote Authentication Bypass Vulnerability
BID:20971
Info
HP OpenView Client Configuration Manager Remote Authentication Bypass Vulnerability
| Bugtraq ID: | 20971 |
| Class: | Design Error |
| CVE: |
CVE-2006-5782 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 08 2006 12:00AM |
| Updated: | Nov 08 2006 12:00AM |
| Credit: | Pedram Amini of the TippingPoint Security Research Team is credited with the discovery of this vulnerability. |
| Vulnerable: |
HP OpenView Client Configuration Manager 1.0 |
| Not Vulnerable: |
HP OpenView Client Configuration Manager 2.0 |
Discussion
Exploit / POC
HP OpenView Client Configuration Manager Remote Authentication Bypass Vulnerability
An attacker can exploit this issue by sending specially crafted command requests to an affected device. The attacker could use readily available packet-creation utilities to build the request.
An attacker can exploit this issue by sending specially crafted command requests to an affected device. The attacker could use readily available packet-creation utilities to build the request.
Solution / Fix
HP OpenView Client Configuration Manager Remote Authentication Bypass Vulnerability
Solution:
The vendor has released CCM version 2.0 to address this issue. Please see the referenced advisory for information on how to obtain and install this fix.
Solution:
The vendor has released CCM version 2.0 to address this issue. Please see the referenced advisory for information on how to obtain and install this fix.
References
HP OpenView Client Configuration Manager Remote Authentication Bypass Vulnerability
References:
References: