Vulnerability Description
Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 does not validate the peer certificate when obtaining an update, which could allow remote attackers to distribute malicious updates to clients.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Secure Elements | Class 5 Enterprise Vulnerability Management | 2.8.0 |
References
- http://secunia.com/advisories/20378
- http://securitytracker.com/id?1016184
- http://www.kb.cert.org/vuls/id/207337US Government Resource
- http://www.kb.cert.org/vuls/id/WDON-6QAPAL
- http://www.vupen.com/english/advisories/2006/2069
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26758
- http://secunia.com/advisories/20378
- http://securitytracker.com/id?1016184
- http://www.kb.cert.org/vuls/id/207337US Government Resource
- http://www.kb.cert.org/vuls/id/WDON-6QAPAL
- http://www.vupen.com/english/advisories/2006/2069
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26758
FAQ
What is CVE-2006-2707?
CVE-2006-2707 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 does not validate the peer certificate when obtaining an update, which could allow remote attackers to distribute malicious updates to clie...
How severe is CVE-2006-2707?
CVE-2006-2707 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-2707?
Check the references section above for vendor advisories and patch information. Affected products include: Secure Elements Class 5 Enterprise Vulnerability Management.