CVE-2009-4409

Published Dec 23, 2009

Last updated 15 years ago

CVSS info 2.6

Overview

Description: The (1) CHAP and (2) MS-CHAP-V2 authentication capabilities in the PPP Access Concentrator (PPPAC) function in Internet Initiative Japan SEIL/B1 firmware 1.00 through 2.52 use the same challenge for each authentication attempt, which allows remote attackers to bypass authentication via a replay attack.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 2.6
Impact score: 2.9
Exploitability score: 4.9
Vector string: AV:N/AC:H/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-287

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:iij:seil\\/b1:1.00:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7AB18B1D-6DB6-4096-83EC-9608678218DE"
          },
          {
            "criteria": "cpe:2.3:h:iij:seil\\/b1:2.01:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9F9B7A67-49CD-4D42-B5C5-E45BE775EDB5"
          },
          {
            "criteria": "cpe:2.3:h:iij:seil\\/b1:2.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FB22791F-D919-4B32-86E7-83ACBE6D4F03"
          },
          {
            "criteria": "cpe:2.3:h:iij:seil\\/b1:2.20:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3D36BD6C-7802-473A-B8A1-BD4D687F3AEC"
          },
          {
            "criteria": "cpe:2.3:h:iij:seil\\/b1:2.30:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E8617348-4572-4277-AFB4-241F4A38687F"
          },
          {
            "criteria": "cpe:2.3:h:iij:seil\\/b1:2.40:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D73D5590-F721-4A8C-95D8-B396198FB27D"
          },
          {
            "criteria": "cpe:2.3:h:iij:seil\\/b1:2.41:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6382F122-161C-433D-AF82-0E8E4073A392"
          },
          {
            "criteria": "cpe:2.3:h:iij:seil\\/b1:2.42:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C4772B30-D3E3-49AC-86F7-CEAE59CECE02"
          },
          {
            "criteria": "cpe:2.3:h:iij:seil\\/b1:2.50:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "477AEE25-5F49-4DCA-95C3-61DF83E4E91D"
          },
          {
            "criteria": "cpe:2.3:h:iij:seil\\/b1:2.51:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "558625E8-5613-4993-84DF-C0ECF0C92325"
          },
          {
            "criteria": "cpe:2.3:h:iij:seil\\/b1:2.52:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8D4BB407-DECF-4E84-BF99-9CE2A93A84A7"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References