Executive Summary
Summary | |
---|---|
Title | AirSpan WiMAX ProST web management interface authentication bypass vulnerability |
Informations | |||
---|---|---|---|
Name | VU#248372 | First vendor Publication | 2008-03-06 |
Vendor | VU-CERT | Last vendor Modification | 2008-04-10 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability Note VU#248372AirSpan WiMAX ProST web management interface authentication bypass vulnerabilityOverviewThe AirSpan WiMAX ProST contains an authentication bypass vulnerability that could allow an unauthenticated, remote attacker to make arbitrary configuration changes.I. DescriptionThe AirSpan WiMAX ProST is customer premise equipment that provides WiMAX wireless networking. The web management interface of the Airspan WiMax ProST does not properly authenticate HTTP POST requests.II. ImpactBy sending HTTP POST requests to a vulnerable ProST device, a remote, unauthenticated attacker may be able to make arbitrary configuration changes. The attacker could potentially disable the device by uploading an invalid firmware image.III. SolutionUpgradeFrom AirSpan WiMAX product bulletin PB/ASM/2008/016 Rev A:
Restrict access Restrict access to the web management interface to trusted networks. If possible, configure management and transit networks for separate VLANs, or restrict access to the device using IP access lists. Systems Affected
References
Thanks to Arthur Lashin for reporting this vulnerability and Francis Lacoste-Cordeau for information that was used in this report.. This document was written by Ryan Giobbi.
|
Original Source
Url : http://www.kb.cert.org/vuls/id/248372 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-287 | Improper Authentication |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Hardware | 1 |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
43029 | Airspan WiMAX ProST Administration Panel Authentication Bypass |