CVE-2011-1520 : The default configuration of the server console in IBM Lotus Domino does not require a password (aka Server_Console

The default configuration of the server console in IBM Lotus Domino does not require a password (aka Server_Console_Password), which allows physically proximate attackers to perform administrative changes or obtain sensitive information via a (1) Load, (2) Tell, or (3) Set Configuration command.

Published 2011-03-25 19:55:02

Updated 2018-10-09 19:31:07

Source MITRE

View at NVD, CVE.org

Vulnerability category: BypassGain privilege

Exploit prediction scoring system (EPSS) score for CVE-2011-1520

Probability of exploitation activity in the next 30 days: 0.05%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 18 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2011-1520

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C	3.9	10.0	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2011-1520

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2011-1520

http://www.lotus.com/ldd/dominowiki.nsf/dx/server_console_password

IBM Notes and Domino wiki : Notes.inis P - Q - R - S : Server_Console_Password
http://securityreason.com/securityalert/8164

IBM Lotus Domino Server Controller Authentication Bypass Remote Code Execution Vulnerability - CXSecurity.com

CVEs referencing this url
http://www.zerodayinitiative.com/advisories/ZDI-11-110

ZDI-11-110 | Zero Day Initiative

CVEs referencing this url
http://www.securityfocus.com/archive/1/517119/100/0/threaded

SecurityFocus

CVEs referencing this url
http://www.lotus.com/ldd/doc/domino_notes/rnext/help6_admin.nsf/2e73cbb2141acefa85256b8700688cea/0c50e423038555d085256c1d003a31f0?OpenDocument

Lotus Domino Administrator 6 Help - Set Secure
http://publib.boulder.ibm.com/infocenter/domhelp/v8r0/index.jsp?topic=/com.ibm.help.domino.admin.doc/DOC/H_THE_DOMINO_CONTROLLER_AND_CONSOLE_OVER.html

IBM Knowledge Center - Home of IBM product documentation

Products affected by CVE-2011-1520

IBM » Lotus Domino
cpe:2.3:a:ibm:lotus_domino:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2011-1520

Exploit prediction scoring system (EPSS) score for CVE-2011-1520

CVSS scores for CVE-2011-1520

CWE ids for CVE-2011-1520

References for CVE-2011-1520

Products affected by CVE-2011-1520