NTOP Multiple Vulnerabilities

critical Nessus Network Monitor Plugin ID 2720

Synopsis

The remote host is missing a critical security patch or upgrade.

Description

The remote host is running NTOP, a tool for viewing network configuration, usage, statistics, protocols, and much more via a web interface. This version of NTOP is reported to be prone to at least four (4) vulnerabilities. An attacker exploiting these flaws would be able to execute arbitrary code on the target server.

Solution

Upgrade or patch according to vendor recommendations.

See Also

http://www.ntop.org

Plugin Details

Severity: Critical

ID: 2720

Family: CGI

Published: 3/18/2005

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:luca_deri:ntop

Reference Information

CVE: CVE-2000-0705, CVE-2000-0706, CVE-2002-0412

BID: 4225, 1550, 1576, 1840