Summary
The remote 3Com OfficeConnect VPN Firewall is prone to a default account authentication bypass vulnerability. This issue may be exploited by a remote attacker to gain access to sensitive information or modify system configuration.
It was possible to login as Admin with password 'admin'.
Solution
Change the password.
Severity
Classification
-
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- AlefMentor Multiple SQL Injection Vulnerabilities
- Apache Struts2 Redirection and Security Bypass Vulnerabilities
- Adobe ColdFusion Multiple Vulnerabilities-02 May-2014
- Adobe ColdFusion Components (CFC) Denial Of Service Vulnerability
- ActivDesk Multiple Cross Site Scripting and SQL Injection Vulnerabilities