HylaFAX Remote Access Control Bypass

high Nessus Plugin ID 16126

Synopsis

The remote host contains an application that is affected by an access control bypass vulnerability.

Description

The remote host is running HylaFAX, a fax transmission software package.

HylaFAX is reported to be prone to an access control bypass vulnerability. An attacker exploiting this flaw may be able to gain unauthorized access to the service.

Solution

Upgrade to version 4.2.1 or later.

See Also

http://bugs.hylafax.org//show_bug.cgi?id=610

Plugin Details

Severity: High

ID: 16126

File Name: hylafax_bypass.nasl

Version: 1.12

Type: remote

Family: Misc.

Published: 1/11/2005

Updated: 4/11/2022

Configuration: Enable paranoid mode, Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:hylafax:hylafax

Required KB Items: hylafax/installed, hylafax/version, Settings/ParanoidReport

Exploit Ease: No known exploits are available

Reference Information

CVE: CVE-2004-1182

BID: 12227