Details of VAR-200712-0035

ID

VAR-200712-0035

CVE

CVE-2007-6226

TITLE

APC AP7932 0u 30amp Switched Rack PDU Vulnerable to login access

Trust: 0.8

sources: JVNDB: JVNDB-2007-002948

DESCRIPTION

The American Power Conversion (APC) AP7932 0u 30amp Switched Rack Power Distribution Unit (PDU), with rpdu 3.5.5 and aos 3.5.6, allows remote attackers to bypass authentication and obtain login access by making a login attempt while a different client is logged in, and then resubmitting the login attempt once the other client exits. APC Switched Rack PDUs (Power Distribution Units) are prone to an authentication-bypass vulnerability. Attackers can exploit this issue to gain unauthorized access to affected devices. Successful exploits will allow attackers to control the power distribution to rack-mounted computer equipment. Attackers could leverage this to cause denial-of-service conditions and possibly physical damage. The following firmware versions running on PDU part number AP9732 are vulnerable: rpdu 3.5.5 aos 3.5.6 Other versions and devices may also be affected. A remote attacker bypasses authentication and gains registration access with the help of registration attempts from different customer usages

Trust: 1.98

sources: NVD: CVE-2007-6226 // JVNDB: JVNDB-2007-002948 // BID: 26636 // VULHUB: VHN-29588

AFFECTED PRODUCTS

vendor:	apc	model:	oas	scope:	eq	version:	3.5.6	Trust: 1.9
vendor:	apc	model:	switched rack pdu	scope:	eq	version:	3.5.5	Trust: 1.6
vendor:	schneider electric former name	model:	oas	scope:	eq	version:	3.5.6	Trust: 0.8
vendor:	schneider electric former name	model:	switched rack pdu	scope:	eq	version:	3.5.5	Trust: 0.8
vendor:	apc	model:	rpdu	scope:	eq	version:	3.5.5	Trust: 0.3

sources: BID: 26636 // JVNDB: JVNDB-2007-002948 // CNNVD: CNNVD-200712-040 // NVD: CVE-2007-6226

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2007-6226
value:	HIGH
Trust: 1.0
NVD:	CVE-2007-6226
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200712-040
value:	HIGH
Trust: 0.6
VULHUB:	VHN-29588
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2007-6226
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-29588
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-29588 // JVNDB: JVNDB-2007-002948 // CNNVD: CNNVD-200712-040 // NVD: CVE-2007-6226

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.9

sources: VULHUB: VHN-29588 // JVNDB: JVNDB-2007-002948 // NVD: CVE-2007-6226

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200712-040

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-200712-040

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-002948

PATCH

title:

Switched Rack PDU

url:

http://www.apc.com/products/family/index.cfm?id=70

Trust: 0.8

sources: JVNDB: JVNDB-2007-002948

EXTERNAL IDS

db:	NVD	id:	CVE-2007-6226	Trust: 2.8
db:	BID	id:	26636	Trust: 2.0
db:	SECTRACK	id:	1019018	Trust: 1.7
db:	SREASON	id:	3418	Trust: 1.7
db:	JVNDB	id:	JVNDB-2007-002948	Trust: 0.8
db:	CNNVD	id:	CNNVD-200712-040	Trust: 0.7
db:	XF	id:	38783	Trust: 0.6
db:	BUGTRAQ	id:	20071129 APC MANAGEMENT VULNERABILITY	Trust: 0.6
db:	VULHUB	id:	VHN-29588	Trust: 0.1

sources: VULHUB: VHN-29588 // BID: 26636 // JVNDB: JVNDB-2007-002948 // CNNVD: CNNVD-200712-040 // NVD: CVE-2007-6226

REFERENCES

url:	http://www.securityfocus.com/bid/26636	Trust: 1.7
url:	http://securitytracker.com/id?1019018	Trust: 1.7
url:	http://securityreason.com/securityalert/3418	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/484363/100/0/threaded	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/38783	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6226	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-6226	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/38783	Trust: 0.6
url:	http://www.securityfocus.com/archive/1/archive/1/484363/100/0/threaded	Trust: 0.6
url:	http://www.apc.com/products/family/index.cfm?id=70	Trust: 0.3
url:	/archive/1/484363	Trust: 0.3

sources: VULHUB: VHN-29588 // BID: 26636 // JVNDB: JVNDB-2007-002948 // CNNVD: CNNVD-200712-040 // NVD: CVE-2007-6226

CREDITS

Gary Simat of Total Server Solutions LLC and Randy Kent of Sevaa Group Inc are credited with the discovery of this issue.

Trust: 0.9

sources: BID: 26636 // CNNVD: CNNVD-200712-040

SOURCES

db:	VULHUB	id:	VHN-29588
db:	BID	id:	26636
db:	JVNDB	id:	JVNDB-2007-002948
db:	CNNVD	id:	CNNVD-200712-040
db:	NVD	id:	CVE-2007-6226

LAST UPDATE DATE

2025-04-10T23:05:29.244000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-29588	date:	2018-10-15T00:00:00
db:	BID	id:	26636	date:	2008-03-13T02:21:00
db:	JVNDB	id:	JVNDB-2007-002948	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200712-040	date:	2007-12-04T00:00:00
db:	NVD	id:	CVE-2007-6226	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-29588	date:	2007-12-04T00:00:00
db:	BID	id:	26636	date:	2007-11-29T00:00:00
db:	JVNDB	id:	JVNDB-2007-002948	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200712-040	date:	2007-12-04T00:00:00
db:	NVD	id:	CVE-2007-6226	date:	2007-12-04T18:46:00