CVE Vulnerability

CVE-2007-4529

The WebAdmin interface in TeamSpeak Server 2.0.20.1 allows remote authenticated users with the ServerAdmin flag to assign Registered users certain privileges, resulting in a privilege set that extends beyond that ServerAdmin's own servers, as demonstrated by the (1) AdminAddServer, (2) AdminDeleteServer, (3) AdminStartServer, and (4) AdminStopServer privileges; and administration of arbitrary virtual servers via a request to a .tscmd URI with a modified serverid parameter, as demonstrated by (a) add_server.tscmd, (b) ask_delete_server.tscmd, (c) start_server.tscmd, and (d) stop_server.tscmd.

8.5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 6.8 / Impact : 10

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Scope

References
Link Resource
http://archives.neohapsis.com/archives/fulldisclosure/2007-05/0165.html
http://securityvulns.com/Rdocument6.html Exploit
http://www.securityfocus.com/bid/23935
http://secunia.com/advisories/25242
http://osvdb.org/36047
https://exchange.xforce.ibmcloud.com/vulnerabilities/34254
http://www.securityfocus.com/archive/1/477424/100/0/threaded
Configurations

Configuration 1

cpe:2.3:a:teamspeak:web_server:2.0.20.1:*:*:*:*:*:*:*
Information

Published : 2007-08-25 12:17

Updated : 2018-10-15 09:35

NVD link : CVE-2007-4529

Mitre link : CVE-2007-4529

Products Affected
No products.
CWE
NVD-CWE-Other