Vulnerability Details CVE-2009-2357
The default configuration of TekRADIUS 3.0 uses the sa account to communicate with Microsoft SQL Server, which makes it easier for remote attackers to obtain privileged access to the database and the underlying Windows operating system.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 70.0%
CVSS Severity
CVSS v2 Score 10.0
References
- http://www.nth-dimension.org.uk/utils/get.php?downloadsid=56
- http://www.securityfocus.com/archive/1/504740/100/0/threaded
- http://www.vupen.com/english/advisories/2009/1816
- http://www.nth-dimension.org.uk/utils/get.php?downloadsid=56
- http://www.securityfocus.com/archive/1/504740/100/0/threaded
- http://www.vupen.com/english/advisories/2009/1816
Products affected by CVE-2009-2357
-
cpe:2.3:a:yasinkaplan:tekradius:3.0