CVE-2008-4050

A certain ActiveX control in fwRemoteCfg.dll 3.3.3.1 in Friendly Technologies FriendlyPPPoE Client 3.0.0.57 allows remote attackers to (1) create and read arbitrary registry values via the RegistryValue method, and (2) read arbitrary files via the GetTextFile method.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://secunia.com/advisories/31644	Vendor Advisory
http://securityreason.com/securityalert/4244
http://www.securityfocus.com/bid/30939
http://www.securityfocus.com/bid/30940	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/44787
https://www.exploit-db.com/exploits/6334

Configurations

Configuration 1 (hide)

cpe:2.3:a:friendly_technologies:friendly_pppoe_client:3.0.0.57:*:*:*:*:*:*:*

History

No history.

Information

Published : 2008-09-11 21:06

Updated : 2023-12-10 10:51

NVD link : CVE-2008-4050

Mitre link : CVE-2008-4050

CVE.ORG link : CVE-2008-4050

JSON object : View

Products Affected

friendly_technologies

friendly_pppoe_client

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2008-4050", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2008-09-11T21:06:48.023", "references": [{"url": "http://secunia.com/advisories/31644", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/4244", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/30939", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/30940", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44787", "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/6334", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "A certain ActiveX control in fwRemoteCfg.dll 3.3.3.1 in Friendly Technologies FriendlyPPPoE Client 3.0.0.57 allows remote attackers to (1) create and read arbitrary registry values via the RegistryValue method, and (2) read arbitrary files via the GetTextFile method."}, {"lang": "es", "value": "Cierto control ActiveX en el archivo fwRemoteCfg.dll 3.3.3.1 en Friendly Technologies FriendlyPPPoE Client 3.0.0.57 permite a los atacantes remotos (1) crear y leer arbitrariamente valores del registro a trav\u00e9s del m\u00e9todo RegistryValue, y (2) leer arbitrariamente archivos a trav\u00e9s del m\u00e9todo GetTextFile."}], "lastModified": "2017-09-29T01:31:57.397", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:friendly_technologies:friendly_pppoe_client:3.0.0.57:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E5CA25C8-5730-4EC7-A171-67D76B35BCCB"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}