Details of VAR-200012-0191

ID

VAR-200012-0191

CVE

CVE-2000-0955

TITLE

Cisco Virtual Central Office Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200012-095

DESCRIPTION

Cisco Virtual Central Office 4000 (VCO/4K) uses weak encryption to store usernames and passwords in the SNMP MIB, which allows an attacker who knows the community name to crack the password and gain privileges. A vulnerability exists in the Cisco Virtual Central Office 4000 (VCO/4K) programmable voice switch running software versions 5.13 and earlier. The usernames and passwords for the device's SNMP administration interface are protected by a simple substitution cipher which can be easily defeated. As a result, if the "encrypted" passwords are retrieved, (for example, through the read-only community string) an attacker can obtain a list of valid usernames and passwords potentially allowing an elevation of privileges and possibly more serious consequences

Trust: 1.26

sources: NVD: CVE-2000-0955 // BID: 1885 // VULHUB: VHN-2525

AFFECTED PRODUCTS

vendor:	cisco	model:	virtual central office 4000	scope:	lte	version:	5.1.3	Trust: 1.0
vendor:	cisco	model:	virtual central office 4000	scope:	eq	version:	5.1.3	Trust: 0.6
vendor:	cisco	model:	virtual central office	scope:	eq	version:	40005.1.3	Trust: 0.3
vendor:	cisco	model:	virtual central office	scope:	ne	version:	40005.1.4	Trust: 0.3

sources: BID: 1885 // CNNVD: CNNVD-200012-095 // NVD: CVE-2000-0955

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2000-0955
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200012-095
value:	HIGH
Trust: 0.6
VULHUB:	VHN-2525
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2000-0955
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-2525
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-2525 // CNNVD: CNNVD-200012-095 // NVD: CVE-2000-0955

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2000-0955

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200012-095

TYPE

access verification error

Trust: 0.6

sources: CNNVD: CNNVD-200012-095

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-2525

EXTERNAL IDS

db:	NVD	id:	CVE-2000-0955	Trust: 2.0
db:	BID	id:	1885	Trust: 2.0
db:	CNNVD	id:	CNNVD-200012-095	Trust: 0.7
db:	ATSTAKE	id:	A102600-1	Trust: 0.6
db:	XF	id:	5425	Trust: 0.6
db:	SEEBUG	id:	SSVID-74253	Trust: 0.1
db:	EXPLOIT-DB	id:	20372	Trust: 0.1
db:	VULHUB	id:	VHN-2525	Trust: 0.1

sources: VULHUB: VHN-2525 // BID: 1885 // CNNVD: CNNVD-200012-095 // NVD: CVE-2000-0955

REFERENCES

url:	http://www.atstake.com/research/advisories/2000/a102600-1.txt	Trust: 1.7
url:	http://www.securityfocus.com/bid/1885	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/5425	Trust: 1.1
url:	http://xforce.iss.net/static/5425.php	Trust: 0.6

sources: VULHUB: VHN-2525 // CNNVD: CNNVD-200012-095 // NVD: CVE-2000-0955

CREDITS

Reported to bugtraq by "@stake Advisories" <advisories@atstake.com> on Thu, 26 Oct 2000.

Trust: 0.9

sources: BID: 1885 // CNNVD: CNNVD-200012-095

SOURCES

db:	VULHUB	id:	VHN-2525
db:	BID	id:	1885
db:	CNNVD	id:	CNNVD-200012-095
db:	NVD	id:	CVE-2000-0955

LAST UPDATE DATE

2024-08-14T15:31:20.959000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-2525	date:	2017-12-19T00:00:00
db:	BID	id:	1885	date:	2009-07-11T03:56:00
db:	CNNVD	id:	CNNVD-200012-095	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2000-0955	date:	2017-12-19T02:29:12.847

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-2525	date:	2000-12-19T00:00:00
db:	BID	id:	1885	date:	2000-10-26T00:00:00
db:	CNNVD	id:	CNNVD-200012-095	date:	2000-12-19T00:00:00
db:	NVD	id:	CVE-2000-0955	date:	2000-12-19T05:00:00