CVE-2007-1345 - OpenCVE

Unspecified vulnerability in cube.exe in the GINA component for CA (Computer Associates) eTrust Admin 8.1.0 through 8.1.2 allows attackers with physical interactive or Remote Desktop access to bypass authentication and gain privileges via the password reset interface.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:M/Au:S/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Broadcom	Etrust Admin

Configuration 1 [-]

OR	cpe:2.3:a:broadcom:etrust_admin:8.1:::::::*
	cpe:2.3:a:broadcom:etrust_admin:8.1.1:::::::*
	cpe:2.3:a:broadcom:etrust_admin:8.1.2:::::::*

References

Link	Resource
http://secunia.com/advisories/24441	Vendor Advisory
http://securityreason.com/securityalert/2404
http://www.osvdb.org/32722
http://www.securityfocus.com/archive/1/462312/100/0/threaded
http://www.securityfocus.com/bid/22885
http://www.securitytracker.com/id?1017740
http://www.vupen.com/english/advisories/2007/0885
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=35145	Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/32887

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2007-03-10T19:00:00

Updated: 2018-10-16T14:57:01

Reserved: 2007-03-07T00:00:00

Link: CVE-2007-1345

JSON object: View

NVD Information

Status : Modified

Published: 2007-03-10T19:19:00.000

Modified: 2021-04-09T13:51:51.983

Link: CVE-2007-1345

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-03-09T00:00:00", "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in cube.exe in the GINA component for CA (Computer Associates) eTrust Admin 8.1.0 through 8.1.2 allows attackers with physical interactive or Remote Desktop access to bypass authentication and gain privileges via the password reset interface."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "22885", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/22885"}, {"name": "20070309 [CAID 35145]: CA eTrust Admin Privilege Escalation Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/462312/100/0/threaded"}, {"name": "ca-etrust-admin-authentication-bypass(32887)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32887"}, {"name": "1017740", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1017740"}, {"name": "32722", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/32722"}, {"name": "2404", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/2404"}, {"name": "24441", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24441"}, {"name": "ADV-2007-0885", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/0885"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=35145"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-1345", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unspecified vulnerability in cube.exe in the GINA component for CA (Computer Associates) eTrust Admin 8.1.0 through 8.1.2 allows attackers with physical interactive or Remote Desktop access to bypass authentication and gain privileges via the password reset interface."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "22885", "refsource": "BID", "url": "http://www.securityfocus.com/bid/22885"}, {"name": "20070309 [CAID 35145]: CA eTrust Admin Privilege Escalation Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/462312/100/0/threaded"}, {"name": "ca-etrust-admin-authentication-bypass(32887)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32887"}, {"name": "1017740", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1017740"}, {"name": "32722", "refsource": "OSVDB", "url": "http://www.osvdb.org/32722"}, {"name": "2404", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2404"}, {"name": "24441", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24441"}, {"name": "ADV-2007-0885", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/0885"}, {"name": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=35145", "refsource": "CONFIRM", "url": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=35145"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-1345", "datePublished": "2007-03-10T19:00:00", "dateReserved": "2007-03-07T00:00:00", "dateUpdated": "2018-10-16T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:broadcom:etrust_admin:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "08594EFB-E04B-42E8-BE00-C3ACDB62BA4C", "vulnerable": true}, {"criteria": "cpe:2.3:a:broadcom:etrust_admin:8.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "137F8204-5A6D-436E-8760-3E0F91A2D2A7", "vulnerable": true}, {"criteria": "cpe:2.3:a:broadcom:etrust_admin:8.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "C362B251-6063-473E-B0AF-4D57BE1D3C7D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in cube.exe in the GINA component for CA (Computer Associates) eTrust Admin 8.1.0 through 8.1.2 allows attackers with physical interactive or Remote Desktop access to bypass authentication and gain privileges via the password reset interface."}, {"lang": "es", "value": "Vulnerabilidad no especificada en cube.exe del componente GIN para CA (Computer Associates) eTrust Admin 8.1.0 hasta 8.1.2 permite a atacantes con acceso f\u00edsico interactivo o Escritorio Remoto evitar la autenticaci\u00f3n y obtener privilegios a trav\u00e9s de la interfaz de restauraci\u00f3n de contrase\u00f1a."}], "evaluatorComment": "This vulnerability has been addressed by the vendor with the following product patch: ftp://ftp.ca.com/pub/etrust/etradm/ETRADM81SP2/CR_Manual_Updates-8.1sp2-CR6-070301.zip", "id": "CVE-2007-1345", "lastModified": "2021-04-09T13:51:51.983", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 2.7, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-03-10T19:19:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/24441"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2404"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/32722"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/462312/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/22885"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1017740"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/0885"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=35145"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32887"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}