CVE-2013-6765
CVE-2013-6765 is a vulnerability of currently unknown severity. OpenVAS Manager 3.0 before 3.0.7 and 4.0 before 4.0.4 allows remote attackers to bypass the OMP authentication restrictions and execute OMP commands via a crafted OMP request for version information, which causes the state to be set to CLIENT_AUTHENTIC, as demonstrated by the omp_xml_handle_end_element function in omp.c. EPSS estimates a 7.27% chance of exploitation in the next 30 days.
Description
OpenVAS Manager 3.0 before 3.0.7 and 4.0 before 4.0.4 allows remote attackers to bypass the OMP authentication restrictions and execute OMP commands via a crafted OMP request for version information, which causes the state to be set to CLIENT_AUTHENTIC, as demonstrated by the omp_xml_handle_end_element function in omp.c.
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Openvas | Openvas Manager | 4.0 | Beta1 |
| Openvas | Openvas Manager | 4.0.0 | — |
| Openvas | Openvas Manager | 4.0.1 | — |
| Openvas | Openvas Manager | 4.0.2 | — |
| Openvas | Openvas Manager | 4.0.3 | — |
| Openvas | Openvas Manager | 3.0 | Beta1 |
| Openvas | Openvas Manager | 3.0.0 | — |
| Openvas | Openvas Manager | 3.0.1 | — |
| Openvas | Openvas Manager | 3.0.2 | — |
| Openvas | Openvas Manager | 3.0.3 | — |
| Openvas | Openvas Manager | 3.0.4 | — |
| Openvas | Openvas Manager | 3.0.5 | — |
| Openvas | Openvas Manager | 3.0.6 | — |
Source: NVD / NIST
