Vulnerability Name:

CCN-17770

Published:2004-10-18
Updated:2004-10-18
Summary:3Com OfficeConnect could allow a remote attacker to hijack the administrator's session. By establishing a connection to the management interface, a remote attacker could cause the IP address of the currently logged in administrator to be displayed. This could be used to perform an IP spoofing attack to hijack the session.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity:7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: Full-Disclosure Mailing List, Mon Oct 18 2004 - 07:14:10 CDT
3COM 3crwe754g72-a Information Disclosure, Logs manipulation

Source: CCN
Type: 3Com Product Downloads Web page
3Com OfficeConnect ADSL Wireless 11g Firewall Router

Source: XF
Type: UNKNOWN
3com-officeconnect-session-hijack(17770)

Vulnerable Configuration:Configuration CCN 1:
  • cpe:/h:3com:3crwe754g72-a:1.13:*:*:*:*:*:*:*
  • OR cpe:/h:3com:3crwe754g72-a:1.24:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    3com 3crwe754g72-a 1.13
    3com 3crwe754g72-a 1.24