Summary
There is a vulnerability in the current version of FlexWATCH that allows an attacker to access administrative sections without being required to authenticate.
An attacker may use this flaw to obtain the list of user accounts on this system and to reconfigure this service.
This is done by adding an additional '/' at the beginning of the URL.
Solution
None at this time - filter incoming traffic to this port
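Since no fix is available, one way to watch for this request pattern is to scan the web server's access log for request targets whose path starts with more than one '/'. The following is an added example, not part of the original advisory or of any FlexWATCH tooling; it assumes Common Log Format, the log lines and the path /admin/example.htm are constructed for illustration, and it also covers absolute-form request targets, which the advisory does not mention.

```python
import re
from urllib.parse import urlsplit

# Common Log Format: host ident user [date] "METHOD target HTTP/x.y" status size
_CLF = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3}) '
)

def request_path(target):
    """Return the path of a request target (origin-form or absolute-form)."""
    if target.startswith("/"):
        # Origin-form: strip the query by hand, because urlsplit() would
        # parse a leading "//" as the start of a host name and hide it.
        return target.split("?", 1)[0]
    return urlsplit(target).path

def has_extra_leading_slash(target):
    """True when the path begins with two or more slashes."""
    return request_path(target).startswith("//")

def flag_requests(lines):
    """Return (source, target, status) for each request with an extra leading '/'."""
    hits = []
    for line in lines:
        m = _CLF.match(line)
        if m and has_extra_leading_slash(m.group("target")):
            hits.append((m.group("src"), m.group("target"), int(m.group("status"))))
    return hits

# Constructed sample log lines (documentation addresses, hypothetical paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.html HTTP/1.0" 200 512',
    '192.0.2.44 - - [01/Jan/2024:10:00:05 +0000] "GET //admin/example.htm HTTP/1.0" 200 2048',
    '192.0.2.10 - - [01/Jan/2024:10:00:09 +0000] "GET /a//b.html HTTP/1.0" 200 100',
    '192.0.2.77 - - [01/Jan/2024:10:00:12 +0000] "GET http://cam.example//admin/example.htm HTTP/1.1" 401 0',
]

if __name__ == "__main__":
    for src, target, status in flag_requests(SAMPLE_LOG):
        print(f"{src} requested {target!r} -> {status}")
```

A flagged request answered with a success status deserves closer review than one the server rejected.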
Severity
Classification
- CVE: CVE-2003-1160
- CVSS Base Score: 10.0
- CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C