ThinClientServer < 4.0.2248 Admin Account Creation

high Nessus Network Monitor Plugin ID 3845

Synopsis

The remote web server contains a PHP script that allows the creation of additional administrative accounts.

Description

The remote host is running ThinClientServer, an application that converts existing PCs into thin clients. The remote web server contains a PHP script that allows the creation of additional administrative accounts: the installed version of ThinClientServer lets an unauthenticated remote attacker create administrative accounts.

Solution

Upgrade to version 4.0.2248 or higher.

See Also

http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2006-012.txt

http://www.securityfocus.com/advisories/11589

http://www.2x.com/thinclientserver

Plugin Details

Severity: High

ID: 3845

Family: CGI

Published: 12/7/2006

Updated: 3/6/2019

Nessus ID: 23780

Risk Information

VPR

Risk Factor: Medium

Score: 5.2

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 7.3

Temporal Score: 6.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:2x:thinclientserver

Reference Information

CVE: CVE-2006-6221

BID: 21300