Authentication Bypass and Privilege Escalation Vulnerability in Tripwire IP360 VnE Manager

Authentication Bypass and Privilege Escalation Vulnerability in Tripwire IP360 VnE Manager

CVE-2015-6237 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

The RPC service in Tripwire (formerly nCircle) IP360 VnE Manager 7.2.2 before 7.2.6 allows remote attackers to bypass authentication and (1) enumerate users, (2) reset passwords, or (3) manipulate IP filter restrictions via crafted "privileged commands."

Learn more about our User Device Pen Test.