HylaFAX < 4.2.1 Remote Access Control Bypass

High Nessus Network Monitor Plugin ID 2517

Synopsis

The remote host is vulnerable to a flaw that allows for the bypassing of authentication.

Description

The remote host is running HylaFAX, a fax transmission software. It is reported that HylaFAX is prone to an access control bypass vulnerability. An attacker exploiting this flaw may be able to gain unauthorized access to the service.

Solution

Upgrade to version 4.2.1 or higher.

Plugin Details

Severity: High

ID: 2517

File Name: 2517.prm

Family: Generic

Published: 2004/08/18

Modified: 2016/11/23

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

CVSSv3

Base Score: 7.3

Temporal Score: 7

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:H/RL:O/RC:C

Reference Information

BID: 12227