ID

VAR-200001-0069


TITLE

Intel InBusiness E-mail Workstation Security Vulnerability

Trust: 1.0

sources: IVD: 7d79f7a3-463f-11e9-9f73-000c29342cb1 // IVD: 61b3d16a-2083-11e6-abef-000c29c66e3d // CNVD: CNVD-2000-0038

DESCRIPTION

Intel InBusiness E-mail is a small application server. This product has a security vulnerability that allows unauthorized remote attackers to delete arbitrary files on the hard disk and change the configuration file of the e-mail workstation. Under certain conditions, remote attackers also It is possible to read the e-mail of any user in the system. Details: This e-mail workstation runs the VxWorks operating system and uses a 486 SX25 processor. A daemon called "daynad" is bound to TCP port 244. By connecting to this service port, you can execute many commands without going through any security authentication. By simply establishing a TCP connection to this port, the following commands can be executed: FormSet: After the next restart, this e- The mail workstation will be restored to the factory state. In this state, the e-mail workstation will use a DHCP server to obtain its own IP address. This also means that the attacker can connect to e without any password after the next restart. -Mail workstation and complete control of the entire device. FormProtect: After the next restart, the e-mail workstation will be restored to the factory state and all passwords will be disabled. Only reconnecting Use the FormSet command to restore to port 244. MakeDir: Create a directory on the hard disk Remove: Remove the specified file from the hard disk, which may be the user's mail or other files. Z: This command will provide a UNIX-type login prompt interface. Enter the password of the super user to enter. If the password is reset using FormSet, the attacker may log in without the password. Once logged in, the attacker may execute arbitrary commands to operate the hard disk. & Lt; * Source: Kit Knox (kit@CONNECTNET.COM) *>. e-mail

Trust: 0.9

sources: CNVD: CNVD-2000-0038 // IVD: 7d79f7a3-463f-11e9-9f73-000c29342cb1 // IVD: 61b3d16a-2083-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 1.0

sources: IVD: 7d79f7a3-463f-11e9-9f73-000c29342cb1 // IVD: 61b3d16a-2083-11e6-abef-000c29c66e3d // CNVD: CNVD-2000-0038

AFFECTED PRODUCTS

vendor:nonemodel: - scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2000-0038

CVSS

SEVERITY

CVSSV2

CVSSV3

IVD: 7d79f7a3-463f-11e9-9f73-000c29342cb1
value: HIGH

Trust: 0.2

IVD: 61b3d16a-2083-11e6-abef-000c29c66e3d
value: LOW

Trust: 0.2

IVD: 7d79f7a3-463f-11e9-9f73-000c29342cb1
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 61b3d16a-2083-11e6-abef-000c29c66e3d
severity: NONE
baseScore: NONE
vectorString: NONE
accessVector: NONE
accessComplexity: NONE
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: UNKNOWN

Trust: 0.2

sources: IVD: 7d79f7a3-463f-11e9-9f73-000c29342cb1 // IVD: 61b3d16a-2083-11e6-abef-000c29c66e3d

TYPE

Buffer overflow

Trust: 0.2

sources: IVD: 7d79f7a3-463f-11e9-9f73-000c29342cb1

EXTERNAL IDS

db:CNVDid:CNVD-2000-0038

Trust: 1.0

db:IVDid:7D79F7A3-463F-11E9-9F73-000C29342CB1

Trust: 0.2

db:IVDid:61B3D16A-2083-11E6-ABEF-000C29C66E3D

Trust: 0.2

sources: IVD: 7d79f7a3-463f-11e9-9f73-000c29342cb1 // IVD: 61b3d16a-2083-11e6-abef-000c29c66e3d // CNVD: CNVD-2000-0038

SOURCES

db:IVDid:7d79f7a3-463f-11e9-9f73-000c29342cb1
db:IVDid:61b3d16a-2083-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2000-0038

LAST UPDATE DATE

2022-05-17T02:05:39.822000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2000-0038date:2000-01-07T00:00:00

SOURCES RELEASE DATE

db:IVDid:7d79f7a3-463f-11e9-9f73-000c29342cb1date:2000-01-07T00:00:00
db:IVDid:61b3d16a-2083-11e6-abef-000c29c66e3ddate:2000-01-07T00:00:00
db:CNVDid:CNVD-2000-0038date:2000-01-07T00:00:00