CVE-2003-0974
published 2003-12-15
Priority P3 35 · high · 7.5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 3.29% (86.9th percentile)
Applied Watch Command Center allows remote attackers to conduct unauthorized activities without authentication, such as (1) add new users to a console, as demonstrated using appliedsnatch.c, or (2) add spurious IDS rules to sensors, as demonstrated using addrule.c.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| applied_watch_technologies | applied_watch_command_center | — | — |
No detection rules found.
Exploit-DB
Applied Watch Command Center 1.0 - Authentication Bypass (2)
exploitdb·2003-11-28
---
// source: https://www.securityfocus.com/bid/9124/info
A vulnerability has been identified in the system that may allow an attacker to bypass authentication to add attacker supplied IDS alerts and new user accounts in the console. Successful exploitation of these issues may allow an attacker to gain unauthorized access to a vulnerable system or conceal intrusion attempts.
Proof of concept exploits have been made available for this issue.
#include
#include
#include
#include
#include
#include
#include
#include
#include
#define PUT_UINT32(i, val)\
{\
buf[(i) ++] = ((val) >> 24) & 0xff;\
buf[(i) ++] = ((val) >> 16) & 0xff;\
buf[(i) ++] = ((val) >> 8) & 0xff;\
buf[(i) ++] = (val) & 0xff;\
}
int main(int argc, char *argv[])
Exploit-DB
Applied Watch Command Center 1.0 - Authentication Bypass (1)
exploitdb·2003-11-28
---
// source: https://www.securityfocus.com/bid/9124/info
A vulnerability has been identified in the system that may allow an attacker to bypass authentication to add attacker supplied IDS alerts and new user accounts in the console. Successful exploitation of these issues may allow an attacker to gain unauthorized access to a vulnerable system or conceal intrusion attempts.
Proof of concept exploits have been made available for this issue.
#include
#include
#include
#include
#include
#include
#include
#include
#include
#define PUT_UINT32(i, val)\
{\
buf[(i) ++] = ((val) >> 24) & 0xff;\
buf[(i) ++] = ((val) >> 16) & 0xff;\
buf[(i) ++] = ((val) >> 8) & 0xff;\
buf[(i) ++] = (val) & 0xff;\
}
int main(int argc, char *argv[])
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=107004362416252&w=2
http://marc.info/?l=bugtraq&m=107005523025918&w=2
http://marc.info/?l=bugtraq&m=107031196324376&w=2
http://www.bugtraq.org/advisories/_BSSADV-0000.txt
http://www.securityfocus.com/bid/9124
Published: 2003-12-15