CVE-2006-6477 - Vulnerability Details - OpenCVE

FRAgent.exe in Mandiant First Response (MFR) before 1.1.1, when run in daemon mode and configured to use only HTTP, allows local users to modify requests and responses between a client and an agent by hijacking an HTTP FRAgent daemon and conducting a man-in-the-middle (MITM) attack.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity High

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Mandiant	First Response

Configuration 1 [-]

cpe:2.3:a:mandiant:first_response:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://secunia.com/advisories/23393
http://securityreason.com/securityalert/2052
http://securitytracker.com/id?1017394
http://www.mandiant.com/firstresponse.htm
http://www.securityfocus.com/archive/1/454712/100/0/threaded
http://www.securityfocus.com/bid/21548
http://www.symantec.com/enterprise/research/SYMSA-2006-013.txt
http://www.vupen.com/english/advisories/2006/5061

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-12-20T02:00:00

Updated: 2024-08-07T20:26:46.458Z

Reserved: 2006-12-11T00:00:00

Link: CVE-2006-6477

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2006-12-20T02:28:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2006-6477

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-12-18T00:00:00", "descriptions": [{"lang": "en", "value": "FRAgent.exe in Mandiant First Response (MFR) before 1.1.1, when run in daemon mode and configured to use only HTTP, allows local users to modify requests and responses between a client and an agent by hijacking an HTTP FRAgent daemon and conducting a man-in-the-middle (MITM) attack."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.mandiant.com/firstresponse.htm"}, {"name": "20061218 SYMSA-2006-013: Multiple Vulnerabilities in Mandiant First Response", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/454712/100/0/threaded"}, {"name": "23393", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23393"}, {"name": "ADV-2006-5061", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/5061"}, {"name": "21548", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/21548"}, {"name": "2052", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/2052"}, {"name": "1017394", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1017394"}, {"tags": ["x_refsource_MISC"], "url": "http://www.symantec.com/enterprise/research/SYMSA-2006-013.txt"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "ID": "CVE-2006-6477", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "FRAgent.exe in Mandiant First Response (MFR) before 1.1.1, when run in daemon mode and configured to use only HTTP, allows local users to modify requests and responses between a client and an agent by hijacking an HTTP FRAgent daemon and conducting a man-in-the-middle (MITM) attack."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.mandiant.com/firstresponse.htm", "refsource": "CONFIRM", "url": "http://www.mandiant.com/firstresponse.htm"}, {"name": "20061218 SYMSA-2006-013: Multiple Vulnerabilities in Mandiant First Response", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/454712/100/0/threaded"}, {"name": "23393", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23393"}, {"name": "ADV-2006-5061", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/5061"}, {"name": "21548", "refsource": "BID", "url": "http://www.securityfocus.com/bid/21548"}, {"name": "2052", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2052"}, {"name": "1017394", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1017394"}, {"name": "http://www.symantec.com/enterprise/research/SYMSA-2006-013.txt", "refsource": "MISC", "url": "http://www.symantec.com/enterprise/research/SYMSA-2006-013.txt"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T20:26:46.458Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.mandiant.com/firstresponse.htm"}, {"name": "20061218 SYMSA-2006-013: Multiple Vulnerabilities in Mandiant First Response", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/454712/100/0/threaded"}, {"name": "23393", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23393"}, {"name": "ADV-2006-5061", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/5061"}, {"name": "21548", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/21548"}, {"name": "2052", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/2052"}, {"name": "1017394", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1017394"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.symantec.com/enterprise/research/SYMSA-2006-013.txt"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-6477", "datePublished": "2006-12-20T02:00:00", "dateReserved": "2006-12-11T00:00:00", "dateUpdated": "2024-08-07T20:26:46.458Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mandiant:first_response:*:*:*:*:*:*:*:*", "matchCriteriaId": "6178A165-0EF2-45CC-B06E-275694754DAC", "versionEndIncluding": "1.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "FRAgent.exe in Mandiant First Response (MFR) before 1.1.1, when run in daemon mode and configured to use only HTTP, allows local users to modify requests and responses between a client and an agent by hijacking an HTTP FRAgent daemon and conducting a man-in-the-middle (MITM) attack."}, {"lang": "es", "value": "FRAgent.exe en Mandiant First Response (MFR) anterior a 1.1.1, al ejecutarlo en modo \"daemon\" y configurado para usar s\u00f3lo HTTP, permite a usuarios locales modificar peticiones y respuestas entre un cliente y un agente mediante el secuestro de un \"HTTP FRAgent daemon\" y llevando a cabo un ataque de hombre en el medio (MITM, man-in-the-middle)."}], "evaluatorSolution": "Sucessful exploitation requires that the affected products are run in daemon mode and configured to use only HTTP.\r\nThis vulnerability is addressed in the following product release:\r\nMandiant, First Response, 1.1.1", "id": "CVE-2006-6477", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 2.4, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:H/Au:S/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 1.5, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-12-20T02:28:00.000", "references": [{"source": "[email protected]", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/23393"}, {"source": "[email protected]", "url": "http://securityreason.com/securityalert/2052"}, {"source": "[email protected]", "tags": ["Patch"], "url": "http://securitytracker.com/id?1017394"}, {"source": "[email protected]", "url": "http://www.mandiant.com/firstresponse.htm"}, {"source": "[email protected]", "url": "http://www.securityfocus.com/archive/1/454712/100/0/threaded"}, {"source": "[email protected]", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/21548"}, {"source": "[email protected]", "tags": ["Patch"], "url": "http://www.symantec.com/enterprise/research/SYMSA-2006-013.txt"}, {"source": "[email protected]", "url": "http://www.vupen.com/english/advisories/2006/5061"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/23393"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/2052"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://securitytracker.com/id?1017394"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandiant.com/firstresponse.htm"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/454712/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/21548"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.symantec.com/enterprise/research/SYMSA-2006-013.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/5061"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "[email protected]", "type": "Primary"}]}