Vulnerability Description
Ipswitch WhatsUp Professional 2006 verifies the user's identity only via HTTP headers, which allows remote attackers to spoof a trusted console and bypass authentication by setting the HTTP User-Agent header to "Ipswitch/1.0" and the User-Application header to "NmConsole".
CVSS Score
7.5 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ipswitch | Whatsup | professional_2006 |
References
- http://www.ftusecurity.com/pub/whatsup.public.pdf
- http://www.securityfocus.com/archive/1/434247/100/0/threaded
- http://www.securityfocus.com/archive/1/434447/100/0/threaded
- http://www.securityfocus.com/bid/18019
- http://www.vupen.com/english/advisories/2006/1849
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26529
FAQ
What is CVE-2006-2531?
CVE-2006-2531 is a vulnerability with a CVSS score of 7.5 (HIGH). Ipswitch WhatsUp Professional 2006 only verifies the user's identity via HTTP headers, which allows remote attackers to spoof being a trusted console and bypass authentication by setting HTTP User-Age...
How severe is CVE-2006-2531?
CVE-2006-2531 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-2531?
Check the references section above for vendor advisories and patch information. Affected products include: Ipswitch Whatsup.