{"vuid":"VU#278785","idnumber":"278785","name":"DevonIT weak authentication and buffer overflow in /usr/bin/tm-console-bin","keywords":[""],"overview":"The DevonIT management tool for thin clients uses a shared secret that is transmitted over the network in the clear. The /usr/bin/tm-console-bin application contains a buffer overflow, which may allow an attacker to execute arbitrary code.","clean_desc":"The management tool transmits an unencrypted shared secret over the network to authenticate with clients. This traffic can then be used by an attacker to mimic a thin-manager server and control thin clients.","impact":"An attacker able to sniff traffic created by the management tool will be able to compromise the configuration of thin clients. An attacker may be able to exploit a buffer overflow in /usr/bin/tm-console-bin to execute arbitrary code.","resolution":"We are currently unaware of a practical solution to this problem.","workarounds":"Restrict Access\nImplement appropriate firewall rules so cli","sysaffected":"","thanks":"Thanks to Kevin Finisterre for reporting this vulnerability.","author":"This document was written by Jared Allar.","public":[],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2020-05-21T16:12:39.428096Z","publicdate":"2010-08-24T00:00:00Z","datefirstpublished":"2010-08-24T16:08:25Z","dateupdated":"2010-08-24T18:28:00Z","revision":14,"vrda_d1_directreport":null,"vrda_d1_population":null,"vrda_d1_impact":null,"cam_widelyknown":null,"cam_exploitation":null,"cam_internetinfrastructure":null,"cam_population":null,"cam_impact":null,"cam_easeofexploitation":null,"cam_attackeraccessrequired":null,"cam_scorecurrent":null,"cam_scorecurrentwidelyknown":null,"cam_scorecurrentwidelyknownexploited":null,"ipprotocol":null,"cvss_accessvector":null,"cvss_accesscomplexity":null,"cvss_authentication":null,"cvss_confidentialityimpact":null,"cvss_integrityimpact":null,"cvss_availabilityimpact":null,"cvss_exploitablity":null,"cvss_remediationlevel":null,"cvss_reportconfidence":null,"cvss_collateraldamagepotential":null,"cvss_targetdistribution":null,"cvss_securityrequirementscr":null,"cvss_securityrequirementsir":null,"cvss_securityrequirementsar":null,"cvss_basescore":"N/A","cvss_basevector":"N/A","cvss_temporalscore":"N/A","cvss_environmentalscore":"N/A","cvss_environmentalvector":"N/A","metric":0.03375,"vulnote":null}