Vulnerability Note VU#921017
Secure Elements Class 5 AVR client sends messages in cleartext
OverviewThe Secure Elements Class 5 AVR client sends messages in cleartext. This may allow an attacker to read traffic from an asset.
I. DescriptionClass 5 AVR
Secure Elements Class 5 AVR (Automated Vulnerability Remediation) is a security product that monitors and enforces security policies on network assets. Class 5 AVR is now known as C5 EVM (Enterprise Vulnerability Management). The Class 5 AVR software includes both server and client components.
Class 5 AVR client
The Class 5 AVR client listens on 60000/udp and an additional tcp port. This client receives commands sent by the Class 5 AVR server.
Class 5 AVR server
The Class 5 AVR server is available as an appliance or as software that runs on commodity hardware. The Class 5 AVR server contains information about network assets, vulnerabilities, and remediation history.
The problem
The Class 5 AVR server does not require that incoming messages be encrypted. If an incoming message is in plain text, the server will respond in plain text as well.
II. ImpactAn attacker may be able to read sensitive information that is transmitted between the Class 5 AVR server and client.
III. SolutionUpgrade or patch
This issue has been resolved in C5 EVM 2.8.1.
Systems Affected
| Vendor | Status | Date Notified | Date Updated |
|---|
| Secure Elements | Vulnerable | 26-May-2006 |
References
http://www.secure-elements.com/products/index.htm
Credit
Thanks to the NOAA N-CIRT Lab for reporting this vulnerability.
This document was written by Will Dormann.
Other Information
| Date Public: | 2006-05-30 |
| Date First Published: | 2006-05-30 |
| Date Last Updated: | 2006-06-06 |
| CERT Advisory: | |
| CVE-ID(s): | |
| NVD-ID(s): | |
| US-CERT Technical Alerts: | |
| Metric: | 0.66 |
| Document Revision: | 8 |
If you have feedback, comments, or additional information about this vulnerability, please send us
email.
|
Get Adobe Reader