Avirt Gateway Suite Telnet Proxy Arbitrary Command Execution

high Nessus Plugin ID 11096

Synopsis

The remote gateway does not require authentication for connections to the proxy service.

Description

It was possible to connect to the remote telnet server without a password and to get a command prompt with the 'DOS' command.

And attacker may use this flaw to get access to your system.

Solution

There is no known solution at this time.

See Also

https://marc.info/?l=bugtraq&m=101131669102843&w=2

Plugin Details

Severity: High

ID: 11096

File Name: avirt_gateway_telnet.nasl

Version: 1.21

Type: remote

Published: 8/21/2002

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 1/17/2002

Reference Information

CVE: CVE-2002-0134

BID: 3901