Vulnerability Details CVE-2006-2707
Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 does not validate the peer certificate when obtaining an update, which could allow remote attackers to distribute malicious updates to clients.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 65.9%
CVSS Severity
CVSS v2 Score 5.0
References
- http://secunia.com/advisories/20378
- http://securitytracker.com/id?1016184
- http://www.kb.cert.org/vuls/id/207337
- http://www.kb.cert.org/vuls/id/WDON-6QAPAL
- http://www.vupen.com/english/advisories/2006/2069
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26758
- http://secunia.com/advisories/20378
- http://securitytracker.com/id?1016184
- http://www.kb.cert.org/vuls/id/207337
- http://www.kb.cert.org/vuls/id/WDON-6QAPAL
- http://www.vupen.com/english/advisories/2006/2069
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26758
Products affected by CVE-2006-2707
-
cpe:2.3:a:secure_elements:class_5_enterprise_vulnerability_management:2.8.0