Unrated severityNVD Advisory· Published May 19, 2014· Updated May 6, 2026

CVE-2013-6766

Description

OpenVAS Administrator 1.2 before 1.2.2 and 1.3 before 1.3.2 allows remote attackers to bypass the OAP authentication restrictions and execute OAP commands via a crafted OAP request for version information, which causes the state to be set to CLIENT_AUTHENTIC.

Affected products

Openvas/Openvas Administrator7 versions
cpe:2.3:a:openvas:openvas_administrator:1.2.0:*:*:*:*:*:*:*+ 6 more
- cpe:2.3:a:openvas:openvas_administrator:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:openvas:openvas_administrator:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:openvas:openvas_administrator:1.2:rc1:*:*:*:*:*:*
- cpe:2.3:a:openvas:openvas_administrator:1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:openvas:openvas_administrator:1.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:openvas:openvas_administrator:1.3:beta1:*:*:*:*:*:*
- cpe:2.3:a:openvas:openvas_administrator:1.3:rc1:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000