Details of VAR-199910-0010

ID

VAR-199910-0010

CVE

CVE-1999-0791

TITLE

Hybrid Cable Modem Remote Configuration Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-199910-020

DESCRIPTION

Hybrid Network cable modems do not include an authentication mechanism for administration, allowing remote attackers to compromise the system through the HSMP protocol. The cable modems use a protocol called HSMP, which uses UDP as its transport layer protocol. This makes it trivial to spoof packets and possible for hackers to compromise cable-modem subscribers anonymously. The possible consequences of this problem being exploited are very serious and range from denial of service attacks to running arbitrary code on the modem

Trust: 1.26

sources: NVD: CVE-1999-0791 // BID: 695 // VULHUB: VHN-772

AFFECTED PRODUCTS

vendor:	hybrid network	model:	hsmp	scope:	eq	version:	*	Trust: 1.0
vendor:	hybrid network	model:	cable modem	scope:	eq	version:	*	Trust: 1.0
vendor:	hybrid network	model:	cable modem	scope:	-	version:	-	Trust: 0.6
vendor:	hybrid network	model:	hsmp	scope:	-	version:	-	Trust: 0.6
vendor:	hybrid	model:	networks cable broadband access system	scope:	eq	version:	1.0	Trust: 0.3

sources: BID: 695 // CNNVD: CNNVD-199910-020 // NVD: CVE-1999-0791

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-1999-0791
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-199910-020
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-772
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-1999-0791
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-772
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-772 // CNNVD: CNNVD-199910-020 // NVD: CVE-1999-0791

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-1999-0791

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-199910-020

TYPE

Design Error

Trust: 0.9

sources: BID: 695 // CNNVD: CNNVD-199910-020

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-772

EXTERNAL IDS

db:	BID	id:	695	Trust: 2.0
db:	NVD	id:	CVE-1999-0791	Trust: 1.7
db:	CNNVD	id:	CNNVD-199910-020	Trust: 0.7
db:	EXPLOIT-DB	id:	19538	Trust: 0.1
db:	VULHUB	id:	VHN-772	Trust: 0.1

sources: VULHUB: VHN-772 // BID: 695 // CNNVD: CNNVD-199910-020 // NVD: CVE-1999-0791

REFERENCES

url:	http://www.securityfocus.com/bid/695	Trust: 1.7
url:	http://www.hybrid.com/products/bband_ds.html	Trust: 0.3
url:	http://www.ksrt.org	Trust: 0.3
url:	-	Trust: 0.1

sources: VULHUB: VHN-772 // BID: 695 // CNNVD: CNNVD-199910-020 // NVD: CVE-1999-0791

CREDITS

First posted to BugTraq by KSR[T] in an advisory on Oct 5, 1999.

Trust: 0.9

sources: BID: 695 // CNNVD: CNNVD-199910-020

SOURCES

db:	VULHUB	id:	VHN-772
db:	BID	id:	695
db:	CNNVD	id:	CNNVD-199910-020
db:	NVD	id:	CVE-1999-0791

LAST UPDATE DATE

2024-08-14T14:09:18.025000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-772	date:	2008-09-09T00:00:00
db:	BID	id:	695	date:	1999-10-05T00:00:00
db:	CNNVD	id:	CNNVD-199910-020	date:	2005-05-02T00:00:00
db:	NVD	id:	CVE-1999-0791	date:	2008-09-09T12:35:39.290

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-772	date:	1999-10-06T00:00:00
db:	BID	id:	695	date:	1999-10-05T00:00:00
db:	CNNVD	id:	CNNVD-199910-020	date:	1999-10-06T00:00:00
db:	NVD	id:	CVE-1999-0791	date:	1999-10-06T04:00:00