header-logo
Suggest Exploit
vendor:
WhatsUp Professional
by:
SecurityFocus
8.8
CVSS
HIGH
Authentication Bypass
287
CWE
Product Name: WhatsUp Professional
Affected Version From: 2006
Affected Version To: 2006
Patch Exists: YES
Related CWE: CVE-2006-4010
CPE: a:ipswitch:whatsup_professional:2006
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2006

Ipswitch WhatsUp Professional 2006 Authentication Bypass Vulnerability

Ipswitch WhatsUp Professional 2006 is vulnerable to an authentication bypass vulnerability. This vulnerability allows an attacker to gain administrative access to the web-based administrative interface of the application by sending a specially crafted HTTP request containing the User-Agent and User-Application header information.

Mitigation:

Upgrade to the latest version of Ipswitch WhatsUp Professional 2006.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/18019/info

Ipswitch WhatsUp Professional 2006 is susceptible to a remote authentication-bypass vulnerability.

This issue allows remote attackers to gain administrative access to the web-based administrative interface of the application. This will aid them in further network attacks.

The HTTP requests containing the following header information are sufficient to demonstrate this issue:

User-Agent: Ipswitch/1.0
User-Application: NmConsole