Sign-up

ID

VAR-200001-0040


CVE

CVE-2000-0063


TITLE

Nortel Contivity Switch Remote Denial of Service Attack and File Leak Vulnerability

Trust: 1.0

sources: IVD: 7d77fbd3-463f-11e9-88df-000c29342cb1 // IVD: 663d977a-2079-11e6-abef-000c29c66e3d // CNVD: CNVD-2001-0323

DESCRIPTION

cgiproc CGI script in Nortel Contivity HTTP server allows remote attackers to read arbitrary files by specifying the filename in a parameter to the script. The Contivity series is an external network switch product developed by Nortel. The newer Contivity switch includes an httpd server running on the VxWorks operating system to provide a remote Web-based management interface.  A vulnerability exists in the "cgiproc" script implementation of the Web management interface of the Contivity series switches. A remote attacker could use this vulnerability to conduct a denial of service attack on the switch or view arbitrary system files.  Because the user input is not sufficiently filtered, if you pass metacharacters to the cgiporc program, such as "!" Or "$", the system will crash. Another vulnerability of cgiproc is the lack of authentication when requesting a management page. This enables an attacker to view any file in the web server. A total system crash can occur as a result of exploiting a vulnerability in a cgi-bin program called "cgiproc" that is included with the webserver. If metacharacters such as "!", or "$" are passed to cgiproc, the system will crash (because the characters are not escaped). foo <foo@blacklisted.intranova.net> provided the following example: http://x.x.x.x/manage/cgi/cgiproc?$ [crash] No evidence of this problem being exploited is saved in the logs. foo <foo@blacklisted.intranova.net> also provided an example for this vulnerability: http://x.x.x.x/manage/cgi/cgiproc?Nocfile=/name/and/path/of/file. (interesting places to look: /system/filelist.dat, /system/version.dat, /system/keys, /system/core, etc.) All that is written to the logs when this is exploited is below: 09:44:23 tEvtLgMgr 0 : Security [12] Management: Request for cgiproc denied. requires login In order to perform the operations detailed in the report, the "attackers" must be internal, private side users or authenticated tunnel users and the site administrator must allow them HTTP as a management protocol

Trust: 2.16

sources: NVD: CVE-2000-0063 // CNVD: CNVD-2001-0323 // BID: 938 // IVD: 7d77fbd3-463f-11e9-88df-000c29342cb1 // IVD: 663d977a-2079-11e6-abef-000c29c66e3d // VULHUB: VHN-1642

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 1.0

sources: IVD: 7d77fbd3-463f-11e9-88df-000c29342cb1 // IVD: 663d977a-2079-11e6-abef-000c29c66e3d // CNVD: CNVD-2001-0323

AFFECTED PRODUCTS

vendor:nortelmodel:contivityscope:eqversion:1.0

Trust: 1.6

vendor:nonemodel: - scope: - version: -

Trust: 0.6

vendor:nortelmodel:networks contivity extranet switchscope:eqversion:2500

Trust: 0.3

sources: CNVD: CNVD-2001-0323 // BID: 938 // CNNVD: CNNVD-200001-039 // NVD: CVE-2000-0063

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2000-0063
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200001-039
value: MEDIUM

Trust: 0.6

IVD: 7d77fbd3-463f-11e9-88df-000c29342cb1
value: MEDIUM

Trust: 0.2

IVD: 663d977a-2079-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

VULHUB: VHN-1642
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2000-0063
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

IVD: 7d77fbd3-463f-11e9-88df-000c29342cb1
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 663d977a-2079-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-1642
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: 7d77fbd3-463f-11e9-88df-000c29342cb1 // IVD: 663d977a-2079-11e6-abef-000c29c66e3d // VULHUB: VHN-1642 // CNNVD: CNNVD-200001-039 // NVD: CVE-2000-0063

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2000-0063

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200001-039

TYPE

other

Trust: 1.0

sources: IVD: 7d77fbd3-463f-11e9-88df-000c29342cb1 // IVD: 663d977a-2079-11e6-abef-000c29c66e3d // CNNVD: CNNVD-200001-039

EXTERNAL IDS

db:NVDid:CVE-2000-0063

Trust: 2.7

db:BIDid:938

Trust: 2.0

db:CNNVDid:CNNVD-200001-039

Trust: 1.1

db:CNVDid:CNVD-2001-0323

Trust: 1.0

db:NSFOCUSid:257

Trust: 0.6

db:IVDid:7D77FBD3-463F-11E9-88DF-000C29342CB1

Trust: 0.2

db:IVDid:663D977A-2079-11E6-ABEF-000C29C66E3D

Trust: 0.2

db:VULHUBid:VHN-1642

Trust: 0.1

sources: IVD: 7d77fbd3-463f-11e9-88df-000c29342cb1 // IVD: 663d977a-2079-11e6-abef-000c29c66e3d // CNVD: CNVD-2001-0323 // VULHUB: VHN-1642 // BID: 938 // CNNVD: CNNVD-200001-039 // NVD: CVE-2000-0063

REFERENCES

url:http://www.securityfocus.com/bid/938

Trust: 1.7

url:http://www.nsfocus.net/vulndb/257

Trust: 0.6

url:http://www.nortelnetworks.com/products/01/contivity/index.html

Trust: 0.3

url: -

Trust: 0.1

sources: VULHUB: VHN-1642 // BID: 938 // CNNVD: CNNVD-200001-039 // NVD: CVE-2000-0063

CREDITS

foo foo@blacklisted.intranova.net

Trust: 0.6

sources: CNNVD: CNNVD-200001-039

SOURCES

db:IVDid:7d77fbd3-463f-11e9-88df-000c29342cb1
db:IVDid:663d977a-2079-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2001-0323
db:VULHUBid:VHN-1642
db:BIDid:938
db:CNNVDid:CNNVD-200001-039
db:NVDid:CVE-2000-0063

LAST UPDATE DATE

2024-08-14T13:40:49.622000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2001-0323date:2001-01-19T00:00:00
db:VULHUBid:VHN-1642date:2008-09-10T00:00:00
db:BIDid:938date:2000-01-18T00:00:00
db:CNNVDid:CNNVD-200001-039date:2006-08-30T00:00:00
db:NVDid:CVE-2000-0063date:2008-09-10T19:02:41.913

SOURCES RELEASE DATE

db:IVDid:7d77fbd3-463f-11e9-88df-000c29342cb1date:2001-01-19T00:00:00
db:IVDid:663d977a-2079-11e6-abef-000c29c66e3ddate:2001-01-19T00:00:00
db:CNVDid:CNVD-2001-0323date:2001-01-19T00:00:00
db:VULHUBid:VHN-1642date:2000-01-17T00:00:00
db:BIDid:938date:2000-01-18T00:00:00
db:CNNVDid:CNNVD-200001-039date:2000-01-17T00:00:00
db:NVDid:CVE-2000-0063date:2000-01-17T05:00:00