PT-2006-3320 · Ipswitch · Ipswitch Whatsup Professional 2006+1

David Maciejak

Published

2006-05-15

Updated

2017-12-04

CVE-2006-2356

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Ipswitch WhatsUp Professional 2006 Ipswitch WhatsUp Professional 2006 Premium

Description The issue allows remote attackers to obtain sensitive information about network nodes. This is achieved by modifying the nDeviceGroupID parameter in the NmConsole/utility/RenderMap.asp file.

Recommendations For Ipswitch WhatsUp Professional 2006, restrict access to the NmConsole/utility/RenderMap.asp file to minimize the risk of exploitation. For Ipswitch WhatsUp Professional 2006 Premium, avoid using the modified nDeviceGroupID parameter in the affected API endpoint until the issue is resolved.

Exploit

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2006-2356

Affected Products

Ipswitch Whatsup Professional 2006

Ipswitch Whatsup Professional 2006 Premium

PT-2006-3320 · Ipswitch · Ipswitch Whatsup Professional 2006+1

CVE-2006-2356

Weakness Enumeration

Related Identifiers

Affected Products

References · 7