Summary
The remote 3Com OfficeConnect VPN Firewall is prone to a default account authentication bypass vulnerability. This issue may be exploited by a remote attacker to gain access to sensitive information or modify system configuration.
It was possible to login as Admin with password 'admin'.
Solution
Change the password.
Severity
Classification
-
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- AVTECH DVR Multiple Vulnerabilities
- ArticleSetup Multiple Cross-Site Scripting and SQL Injection Vulnerabilities
- 3Com OfficeConnect VPN Firewall Default Password Security Bypass Vulnerability
- 4Images <= 1.7.1 Directory Traversal Vulnerability
- Apache Axis2 Document Type Declaration Processing Security Vulnerability