Body Background
TrendAI™ Zero Day Initiative™ Logo

TippingPoint SMS Server Authentication Bypass Vulnerability

May 9th, 2006
ZDI-06-013 ZDI-CAN-017

CVE ID

CVE-2006-0993

CVSS Score

None None

Affected Vendors

3Com TippingPoint

Affected Products

TippingPoint SMS

Vulnerability Details

This vulnerability may allow attackers to access sensitive information from vulnerable TippingPoint SMS servers.

The specific flaw exists within the web management interface. Due to insufficient protections on specific directories, an attacker with access to the web interface may be able to view benign data such as the user manual. In the event that the device was being used for backup purposes, it may be possible for an attacker to identify additional information such as configuration settings.

Additional Details

This issue has been addressed in TippingPoint SMS Server release version 2.2.1.4478. Customers can obtain the update through the SMS device or by visiting http://tmc.tippingpoint.com


Disclosure Timeline

  • 2006-01-19 - Vulnerability reported to vendor
  • 2006-05-09 - Coordinated public release of advisory

Credit

Micheal Cottingham

Back to Advisories

Hero Background

Stand at the front line of proactive security

Trend ZDI connects the experts who discover, remediate, and defend.
Add your voice to the work that pushes attackers back.