Vulnerability Details : CVE-2001-0133
The web administration interface for Interscan VirusWall 3.6.x and earlier does not use encryption, which could allow remote attackers to obtain the administrator password to sniff the administrator password via the setpasswd.cgi program or other HTTP GET requests that contain base64 encoded usernames and passwords.
Exploit prediction scoring system (EPSS) score for CVE-2001-0133
Probability of exploitation activity in the next 30 days: 0.32%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 67 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2001-0133
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
References for CVE-2001-0133
-
http://www.securityfocus.com/bid/2212
Vendor Advisory
-
http://archives.neohapsis.com/archives/bugtraq/2001-01/0235.html
Vendor Advisory
Products affected by CVE-2001-0133
- cpe:2.3:a:trend_micro:interscan_viruswall:*:*:*:*:*:*:*:*
- cpe:2.3:a:trend_micro:interscan_viruswall:3.0.1:*:*:*:*:*:*:*