Vulnerability Description
Client Software WinCom LPD Total 3.0.2.623 and earlier allows remote attackers to bypass authentication and perform administrative actions via vectors involving "simply skipping the auth stage."
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Clientsoftware | Wincome Mpd Total | <= 3.0.2.623 |
Related Weaknesses (CWE)
References
- http://aluigi.org/adv/wincomalpd-adv.txt
- http://aluigi.org/poc/wincomalpd.zip
- http://secunia.com/advisories/28763Vendor Advisory
- http://securityreason.com/securityalert/4610
- http://www.securityfocus.com/archive/1/487507/100/200/threaded
- http://www.securityfocus.com/bid/27614
- http://www.vupen.com/english/advisories/2008/0410
- http://aluigi.org/adv/wincomalpd-adv.txt
- http://aluigi.org/poc/wincomalpd.zip
- http://secunia.com/advisories/28763Vendor Advisory
- http://securityreason.com/securityalert/4610
- http://www.securityfocus.com/archive/1/487507/100/200/threaded
- http://www.securityfocus.com/bid/27614
- http://www.vupen.com/english/advisories/2008/0410
FAQ
What is CVE-2008-5158?
CVE-2008-5158 is a vulnerability with a CVSS score of 7.5 (HIGH). Client Software WinCom LPD Total 3.0.2.623 and earlier allows remote attackers to bypass authentication and perform administrative actions via vectors involving "simply skipping the auth stage."
How severe is CVE-2008-5158?
CVE-2008-5158 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-5158?
Check the references section above for vendor advisories and patch information. Affected products include: Clientsoftware Wincome Mpd Total.