CVE-2013-3005

medium

Description

The TFTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, when RBAC is enabled, allows remote authenticated users to bypass intended file-ownership restrictions, and read or overwrite arbitrary files, via unspecified vectors.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19519

https://exchange.xforce.ibmcloud.com/vulnerabilities/85366

http://www.ibm.com/support/docview.wss?uid=isg1IV42935

http://www.ibm.com/support/docview.wss?uid=isg1IV42934

http://www.ibm.com/support/docview.wss?uid=isg1IV42933

http://www.ibm.com/support/docview.wss?uid=isg1IV42932

http://www.ibm.com/support/docview.wss?uid=isg1IV42700

http://www.ibm.com/support/docview.wss?uid=isg1IV40221

http://aix.software.ibm.com/aix/efixes/security/tftp_advisory.asc

Details

Source: Mitre, NVD

Published: 2013-07-06

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 8.5

Vector: CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Severity: Medium

Detections

Analytics