CVE-2003-0174

moderate-risk

Published 2003-05-12

The LDAP name service (nsd) in IRIX 6.5.19 and earlier does not properly verify if the USERPASSWORD attribute has been provided by an LDAP server, which could allow attackers to log in without a password.

Do I need to act?

0.36% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (1)

Irix

Affected Vendors

Sgi

References (8)

Broken Link ftp://patches.sgi.com/support/free/security/advisories/20030407-01-P

Broken Link http://www.ciac.org/ciac/bulletins/n-084.shtml

Broken Link http://www.securityfocus.com/bid/7442

Third Party Advisory https://exchange.xforce.ibmcloud.com/vulnerabilities/11860

Broken Link ftp://patches.sgi.com/support/free/security/advisories/20030407-01-P

Broken Link http://www.ciac.org/ciac/bulletins/n-084.shtml

Broken Link http://www.securityfocus.com/bid/7442

Third Party Advisory https://exchange.xforce.ibmcloud.com/vulnerabilities/11860

/ 100

moderate-risk

Severity 32/34 · Critical

Exploitability 1/34 · Minimal

Exposure 5/34 · Minimal