VDB
CVE-2006-0230
CVE-2006-0230
PUBLISHED
CVSS 10 CRITICAL
Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, uses a client-side check to verify a password, which allows remote attackers to gain administrator privileges via a modified client that sends certain XML requests.
EPSS 32.69% · 97.0th percentile
Risk Scores
CVSS 2.0
10
EPSS Score
32.69%
97.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| symantec | antivirus_scan_engine | 5.0.0.24 |
| n/a | n/a | n/a |
Timeline
- Apr 25, 2006 CVE Published
- Jul 30, 2010 PoC Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Sep 8, 2023 EPSS Score
References
- 17637 vdb
- 19734 third-party-advisory
- 20060421 Rapid7 Advisory R7-0021: Symantec Scan Engine Authentication Fundamental Design Error mailing-list
- 20060421 [Symantec Security Advisor] Symantec Scan Engine Multiple Vulnerabilities mailing-list
- 20060421 Rapid7 Advisory R7-0021: Symantec Scan Engine Authentication Fundamental Design Error mailing-list
- VU#118388 third-party-advisory
- http://www.symantec.com/avcenter/security/Content/2006.04.21.html url
- sse-unauth-admin-access(25972) vdb
- ADV-2006-1464 vdb
- https://nvd.nist.gov/vuln/detail/CVE-2006-0230 advisory