Vulnerability Name:

CVE-2005-3786 (CCN-23211)

Assigned:2005-11-23
Published:2005-11-23
Updated:2011-03-08
Summary:Novell ZENworks for Desktops 4.0.1, ZENworks for Servers 3.0.2, and ZENworks 6.5 Desktop Management does not restrict access to Remote Diagnostics, which allows local users to bypass security policies by using Console One.
CVSS v3 Severity:4.8 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity:4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
4.3 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Bypass Security
References:Source: MITRE
Type: CNA
CVE-2005-3786

Source: CCN
Type: SA17700
Novell ZENworks Remote-Diagnostics Access Control Weakness

Source: SECUNIA
Type: Patch, Vendor Advisory
17700

Source: CCN
Type: SECTRACK ID: 1015260
Novell ZENworks Console One Lets Remote Authenticated Users Access Diagnostic Functions

Source: SECTRACK
Type: UNKNOWN
1015260

Source: CCN
Type: Novell Technical Information Document TID10098818
Remote Diagnostics is accessible by regular users using Console One

Source: CONFIRM
Type: Patch, Vendor Advisory
http://support.novell.com/cgi-bin/search/searchtid.cgi?/10098818.htm

Source: CCN
Type: Novell ZENworks Web page
ZENworks® Suite

Source: CCN
Type: OSVDB ID: 21052
Novell ZENworks Console One Remote-Diagnostics Access

Source: BID
Type: UNKNOWN
15540

Source: CCN
Type: BID-15540
Novell ZENworks Remote Diagnostics Console One Unauthorized Access Vulnerability

Source: VUPEN
Type: UNKNOWN
ADV-2005-2544

Source: XF
Type: UNKNOWN
novell-zenworks-bypass-security(23211)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:novell:zenworks:6.5:*:*:*:*:*:*:*
  • OR cpe:/a:novell:zenworks_desktops:4.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:novell:zenworks_servers:3.0.2:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:novell:zenworks_desktops:4.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:novell:zenworks_desktop_management:6.5:*:*:*:*:*:*:*
  • OR cpe:/a:novell:zenworks_remote_management:*:*:*:*:*:*:*:*
  • OR cpe:/a:novell:zenworks_servers:3.0.2:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    novell zenworks 6.5
    novell zenworks desktops 4.0.1
    novell zenworks servers 3.0.2
    novell zenworks desktops 4.0.1
    novell zenworks desktop management 6.5
    novell zenworks remote management *
    novell zenworks servers 3.0.2