Summary
The remote OVS Manager is prone to an authentication bypass.
Impact
Attackers can exploit this issue to gain unauthorized access to the affected application and perform certain actions.
Solution
Update to version 3.0.7 or 4.0.4.
Insight
A software bug in the server module 'OVS Manager' allowed attackers to bypass the OMP authentication procedure. The attack vector is remotely available if public OMP is enabled.
In case of a successful attack, the attacker gains partial rights to execute OMP commands. The authentication bypass is, however, incomplete, and several OMP commands will fail to execute properly.
Detection
Try to bypass OMP authentication by sending a specially crafted request.
References
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2013-6765
- CVSS Base Score: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P