Detections
Analytics

3com RAS 1500 Configuration Disclosure

medium Nessus Plugin ID 11480

Language:

Synopsis

The remote host is susceptible to an information disclosure attack.

Description

The remote 3com SuperStack II Remote Access System 1500 discloses its user configuration (user_settings.cfg) when the file is requested through the web interface. The file is transmitted in cleartext and contains the password of the device as well as other sensitive information.

An attacker may use this flaw to gain the control of this host.

Solution

Filter incoming traffic to this host.

See Also

https://seclists.org/vulnwatch/2003/q1/147

Plugin Details

Severity: Medium

ID: 11480

File Name: 3com_config_disclosure.nasl

Version: 1.21

Type: remote

Family: Misc.

Published: 3/26/2003

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Exploit Available: true

Exploit Ease: No exploit is required

Reference Information

BID: 7176

Secunia: 8402