- Description
- AS/400 Telnet 5250 terminal emulation clients, as implemented by (1) IBM client access, (2) Bosanova, (3) PowerTerm, (4) Mochasoft, and possibly other emulations, allows malicious AS/400 servers to execute arbitrary commands via a STRPCO (Start PC Organizer) command followed by STRPCCMD (Start PC command), as demonstrated by creating a backdoor account using REXEC.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bosanova:launcher400:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "174F4C2C-6014-4A6F-8946-55277CF1BDF1"
},
{
"criteria": "cpe:2.3:a:ibm:client_access:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D6475C52-EDB1-40C7-BE19-B5B33B732CAF"
},
{
"criteria": "cpe:2.3:a:mochasoft:tn5250:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BE46E179-2768-41BF-94EA-34411CB3FF27"
},
{
"criteria": "cpe:2.3:a:powerterm:interconnect:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F0D210C4-4843-4CF4-B635-1BEA76531D02"
}
],
"operator": "OR"
}
]
}
]