BFCommand & Control Server Manager BFCC 1.22_A and earlier, and BFVCC 2.14_B and earlier, allows remote attackers to bypass authentication via (1) an unknown attack vector or (2) a NULL (0x00) as a username.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| bfcommand_and_control_software | bfvcc | 2.00_a |
| bfcommand_and_control_software | bfvcc | 2.14_b |
| bfcommand_and_control_software | bfcc | * |
BFCommand & Control Server Manager BFCC 1.22_A and earlier, and BFVCC 2.14_B and earlier, relies on the client to enforce permissions and perform actions such as disconnections, which allows remote attackers to bypass administrative restrictions via a modified client.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| bfcommand_and_control_software | bfvcc | 2.00_a |
| bfcommand_and_control_software | bfvcc | 2.14_b |
| bfcommand_and_control_software | bfcc | * |
BFCommand & Control Server Manager BFCC 1.22_A and earlier, and BFVCC 2.14_B and earlier, allows remote attackers to cause a denial of service (refused new connections) via a series of connections and disconnections without sending the login command.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| bfcommand_and_control_software | bfvcc | 2.00_a |
| bfcommand_and_control_software | bfvcc | 2.14_b |
| bfcommand_and_control_software | bfcc | * |