CVE-2007-1345 - OpenCVE

Unspecified vulnerability in cube.exe in the GINA component for CA (Computer Associates) eTrust Admin 8.1.0 through 8.1.2 allows attackers with physical interactive or Remote Desktop access to bypass authentication and gain privileges via the password reset interface.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:M/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Broadcom	Etrust Admin

Configuration 1 [-]

OR	cpe:2.3:a:broadcom:etrust_admin:8.1:::::::*
	cpe:2.3:a:broadcom:etrust_admin:8.1.1:::::::*
	cpe:2.3:a:broadcom:etrust_admin:8.1.2:::::::*

No data.

References

Link	Providers
http://secunia.com/advisories/24441
http://securityreason.com/securityalert/2404
http://www.osvdb.org/32722
http://www.securityfocus.com/archive/1/462312/100/0/threaded
http://www.securityfocus.com/bid/22885
http://www.securitytracker.com/id?1017740
http://www.vupen.com/english/advisories/2007/0885
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=35145
https://exchange.xforce.ibmcloud.com/vulnerabilities/32887

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-03-10T19:00:00

Updated: 2024-08-07T12:50:35.273Z

Reserved: 2007-03-07T00:00:00

Link: CVE-2007-1345

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-03-10T19:19:00.000

Modified: 2021-04-09T13:51:51.983

Link: CVE-2007-1345

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-03-09T00:00:00", "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in cube.exe in the GINA component for CA (Computer Associates) eTrust Admin 8.1.0 through 8.1.2 allows attackers with physical interactive or Remote Desktop access to bypass authentication and gain privileges via the password reset interface."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "22885", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/22885"}, {"name": "20070309 [CAID 35145]: CA eTrust Admin Privilege Escalation Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/462312/100/0/threaded"}, {"name": "ca-etrust-admin-authentication-bypass(32887)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32887"}, {"name": "1017740", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1017740"}, {"name": "32722", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/32722"}, {"name": "2404", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/2404"}, {"name": "24441", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24441"}, {"name": "ADV-2007-0885", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/0885"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=35145"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-1345", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unspecified vulnerability in cube.exe in the GINA component for CA (Computer Associates) eTrust Admin 8.1.0 through 8.1.2 allows attackers with physical interactive or Remote Desktop access to bypass authentication and gain privileges via the password reset interface."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "22885", "refsource": "BID", "url": "http://www.securityfocus.com/bid/22885"}, {"name": "20070309 [CAID 35145]: CA eTrust Admin Privilege Escalation Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/462312/100/0/threaded"}, {"name": "ca-etrust-admin-authentication-bypass(32887)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32887"}, {"name": "1017740", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1017740"}, {"name": "32722", "refsource": "OSVDB", "url": "http://www.osvdb.org/32722"}, {"name": "2404", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2404"}, {"name": "24441", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24441"}, {"name": "ADV-2007-0885", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/0885"}, {"name": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=35145", "refsource": "CONFIRM", "url": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=35145"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T12:50:35.273Z"}, "title": "CVE Program Container", "references": [{"name": "22885", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/22885"}, {"name": "20070309 [CAID 35145]: CA eTrust Admin Privilege Escalation Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/462312/100/0/threaded"}, {"name": "ca-etrust-admin-authentication-bypass(32887)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32887"}, {"name": "1017740", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1017740"}, {"name": "32722", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/32722"}, {"name": "2404", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/2404"}, {"name": "24441", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24441"}, {"name": "ADV-2007-0885", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/0885"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=35145"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-1345", "datePublished": "2007-03-10T19:00:00", "dateReserved": "2007-03-07T00:00:00", "dateUpdated": "2024-08-07T12:50:35.273Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:broadcom:etrust_admin:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "08594EFB-E04B-42E8-BE00-C3ACDB62BA4C", "vulnerable": true}, {"criteria": "cpe:2.3:a:broadcom:etrust_admin:8.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "137F8204-5A6D-436E-8760-3E0F91A2D2A7", "vulnerable": true}, {"criteria": "cpe:2.3:a:broadcom:etrust_admin:8.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "C362B251-6063-473E-B0AF-4D57BE1D3C7D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in cube.exe in the GINA component for CA (Computer Associates) eTrust Admin 8.1.0 through 8.1.2 allows attackers with physical interactive or Remote Desktop access to bypass authentication and gain privileges via the password reset interface."}, {"lang": "es", "value": "Vulnerabilidad no especificada en cube.exe del componente GIN para CA (Computer Associates) eTrust Admin 8.1.0 hasta 8.1.2 permite a atacantes con acceso f\u00edsico interactivo o Escritorio Remoto evitar la autenticaci\u00f3n y obtener privilegios a trav\u00e9s de la interfaz de restauraci\u00f3n de contrase\u00f1a."}], "evaluatorComment": "This vulnerability has been addressed by the vendor with the following product patch: ftp://ftp.ca.com/pub/etrust/etradm/ETRADM81SP2/CR_Manual_Updates-8.1sp2-CR6-070301.zip", "id": "CVE-2007-1345", "lastModified": "2021-04-09T13:51:51.983", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 2.7, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-03-10T19:19:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/24441"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2404"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/32722"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/462312/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/22885"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1017740"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/0885"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=35145"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32887"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}