Vulnerability CVE-2011-0920

Vulnerability Name:

CVE-2011-0920 (CCN-65363)

Assigned:

2011-02-08

Published:

2011-02-08

Updated:

2011-02-14

Summary:

The Remote Console in IBM Lotus Domino, when a certain unsupported configuration involving UNC share pathnames is used, allows remote attackers to bypass authentication and execute arbitrary code via unspecified vectors, aka SPR PRAD89WGRS.

CVSS v3 Severity:

10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
7.7 High (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
7.7 High (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-287

Vulnerability Consequences:

Bypass Security

References:

Source: MITRE
Type: CNA
CVE-2011-0920

Source: MITRE
Type: CNA
CVE-2011-1519

Source: CCN
Type: SA43860
IBM Lotus Domino Server Controller Authentication Bypass Vulnerability

Source: CCN
Type: IBM Support and Downloads
(Feb 2011) Potential security vulnerabilities in Lotus Notes & Domino

Source: CONFIRM
Type: Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21461514

Source: CCN
Type: OSVDB ID: 72565
IBM Lotus Domino Remote Console UNC Pathname Unspecified Authentication Bypass

Source: CCN
Type: BID-46361
IBM Lotus Domino Remote Console Security Bypass Vulnerability

Source: CCN
Type: BID-46985
IBM Lotus Domino Remote Console Authentication Bypass Vulnerability

Source: XF
Type: UNKNOWN
domino-remote-console-sec-bypass(65363)

Source: CCN
Type: ZDI-11-110
(0day) IBM Lotus Domino Server Controller Authentication Bypass Remote Code Execution Vulnerability

Vulnerable Configuration:

Configuration 1:

cpe:/a:ibm:lotus_domino:*:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:ibm:lotus_domino:7.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:lotus_domino:8.0:*:*:*:*:*:*:*

AND

cpe:/a:ibm:lotus_domino:8.5.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

BACK