CVE-2013-6766

CVE Database · CVE-2013-6766

CVE-2013-6766

· N/AModified

CVSS v3.1

N/A

EPSS

1.63%

Published

May 19, 2014

Modified

May 6, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

OpenVAS Administrator 1.2 before 1.2.2 and 1.3 before 1.3.2 allows remote attackers to bypass the OAP authentication restrictions and execute OAP commands via a crafted OAP request for version information, which causes the state to be set to CLIENT_AUTHENTIC.

Weaknesses (CWE)

CWE-287

Affected Products (7)

openvas · openvas_administratorvulnerable

References (6)

http://lists.wald.intevation.org/pipermail/openvas-announce/2013-November/000157.html

http://www.openvas.org/OVSA20131108.html

Vendor Advisory

http://www.openwall.com/lists/oss-security/2013/11/10/2

http://lists.wald.intevation.org/pipermail/openvas-announce/2013-November/000157.html

http://www.openvas.org/OVSA20131108.html

Vendor Advisory

http://www.openwall.com/lists/oss-security/2013/11/10/2

KEV Catalog EPSS Scores Vendors All CVEs