ID

VAR-200005-0012


CVE

CVE-2000-0384


TITLE

NetStructure 7110 Unpublished password vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200005-033

DESCRIPTION

NetStructure 7110 and 7180 have undocumented accounts (servnow, root, and wizard) whose passwords are easily guessable from the NetStructure's MAC address, which could allow remote attackers to gain root access.

NetStructure (formerly known as Ipivot Commerce Accelerator) is a multi-site traffic director. This Internet equipment is designed for businesses with multiple Web site locations, routing traffic to the best available site from a single URL. Certain revisions of this package have an undocumented supervisor password. This password, which grants access to the 'wizard' mode of the device, is derived from the MAC address of the primary NIC. This MAC address is displayed in the login banner. The password can be used from the admin console locally (via a serial interface) or remotely if the machine has been deployed with a modem for remote access. With this password an intruder gains shell access to the underlying UNIX system and may sniff traffic, among other things.

These passwords are derived from the Ethernet address of the public interface, which under default installs is available via an SNMP daemon with a default password. It should be noted that configuration over telnet is preferred in the user documentation. NetStructure 7110 and 7180 have undisclosed accounts (servnow, root, and wizard). Remote attackers can use this vulnerability to obtain root user privileges.

Trust: 1.53

sources: NVD: CVE-2000-0384 // BID: 1182 // BID: 1183 // VULHUB: VHN-1963

AFFECTED PRODUCTS

vendor: intel, model: netstructure 7110, scope: eq, version: *

Trust: 1.0

vendor: intel, model: netstructure 7180, scope: eq, version: *

Trust: 1.0

vendor: intel, model: netstructure 7180, scope: -, version: -

Trust: 0.6

vendor: intel, model: netstructure 7110, scope: -, version: -

Trust: 0.6

vendor: intel, model: netstructure, scope: eq, version: 7110

Trust: 0.3

vendor: intel, model: netstructure, scope: eq, version: 7180

Trust: 0.3

sources: BID: 1182 // BID: 1183 // CNNVD: CNNVD-200005-033 // NVD: CVE-2000-0384

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2000-0384
value: HIGH

Trust: 1.0

CNNVD: CNNVD-200005-033
value: CRITICAL

Trust: 0.6

VULHUB: VHN-1963
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2000-0384
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-1963
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-1963 // CNNVD: CNNVD-200005-033 // NVD: CVE-2000-0384

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2000-0384

THREAT TYPE

network

Trust: 0.6

sources: BID: 1182 // BID: 1183

TYPE

Access Validation Error

Trust: 0.6

sources: BID: 1182 // BID: 1183

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-1963

EXTERNAL IDS

db: NVD, id: CVE-2000-0384

Trust: 2.3

db: BID, id: 1182

Trust: 2.0

db: BID, id: 1183

Trust: 2.0

db: CNNVD, id: CNNVD-200005-033

Trust: 0.7

db: L0PHT, id: 20000508 NETSTRUCTURE 7180 REMOTE BACKDOOR VULNERABILITY

Trust: 0.6

db: L0PHT, id: 20000508 NETSTRUCTURE 7110 CONSOLE BACKDOOR

Trust: 0.6

db: EXPLOIT-DB, id: 19904

Trust: 0.1

db: SEEBUG, id: SSVID-73811

Trust: 0.1

db: VULHUB, id: VHN-1963

Trust: 0.1

sources: VULHUB: VHN-1963 // BID: 1182 // BID: 1183 // CNNVD: CNNVD-200005-033 // NVD: CVE-2000-0384

REFERENCES

url:http://www.securityfocus.com/bid/1182

Trust: 2.7

url:http://www.securityfocus.com/bid/1183

Trust: 2.7

url:http://216.188.41.136/

Trust: 2.7

url:http://www.l0pht.com/advisories/ipivot7180.html

Trust: 2.7

url:http://www.lopht.com/advisories/ipivot7110.html

Trust: 2.7

url: -

Trust: 0.1

sources: VULHUB: VHN-1963 // CNNVD: CNNVD-200005-033 // NVD: CVE-2000-0384

CREDITS

This vulnerability was published to the Bugtraq mailing list by @Stake Inc. / L0pht Research Labs on May 8, 2000.

Trust: 0.9

sources: BID: 1182 // CNNVD: CNNVD-200005-033

SOURCES

db: VULHUB, id: VHN-1963
db: BID, id: 1182
db: BID, id: 1183
db: CNNVD, id: CNNVD-200005-033
db: NVD, id: CVE-2000-0384

LAST UPDATE DATE

2024-11-22T23:00:11.166000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-1963, date: 2008-09-05T00:00:00
db: BID, id: 1182, date: 2009-07-11T01:56:00
db: BID, id: 1183, date: 2009-07-11T01:56:00
db: CNNVD, id: CNNVD-200005-033, date: 2006-08-09T00:00:00
db: NVD, id: CVE-2000-0384, date: 2024-11-20T23:32:22.897

SOURCES RELEASE DATE

db: VULHUB, id: VHN-1963, date: 2000-05-08T00:00:00
db: BID, id: 1182, date: 2000-05-08T00:00:00
db: BID, id: 1183, date: 2000-05-08T00:00:00
db: CNNVD, id: CNNVD-200005-033, date: 2000-05-08T00:00:00
db: NVD, id: CVE-2000-0384, date: 2000-05-08T04:00:00