CVE-2000-0757 : The sysgen service in Aptis Totalbill does not perform authentication, which allows remote attackers to gain root privil

The sysgen service in Aptis Totalbill does not perform authentication, which allows remote attackers to gain root privileges by connecting to the service and specifying the commands to be executed.

Published 2000-10-20 04:00:00

Updated 2008-09-05 20:21:49

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2000-0757

Probability of exploitation activity in the next 30 days: 1.15%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 83 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2000-0757

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

References for CVE-2000-0757

http://www.securityfocus.com/bid/1555

Exploit;Vendor Advisory
http://archives.neohapsis.com/archives/bugtraq/2000-08/0074.html

Vendor Advisory

Products affected by CVE-2000-0757

Aptis Software » Totalbill » Version: 3.0
cpe:2.3:a:aptis_software:totalbill:3.0:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2000-0757

Exploit prediction scoring system (EPSS) score for CVE-2000-0757

CVSS scores for CVE-2000-0757

References for CVE-2000-0757

Products affected by CVE-2000-0757