ID

VAR-200101-0109


CVE

CVE-2001-1037


TITLE

Cisco SN 5420 Storage Router Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200101-005

DESCRIPTION

Cisco SN 5420 Storage Router 1.1(3) and earlier allows local users to access a developer's shell without a password and execute certain restricted commands without being logged. The Cisco Storage Router is a enterprise-level gigabit-capable routing device designed to handle storage over networks. It is distributed by Cisco Systems. A problem in the firmware used with SN 5420 routers makes it possible to gain unauthorized access and elevated privileges. A remote user may gain a developer shell from either rlogin via the fibrechannel interface of the router, or through port 8023 on the gigabit side of the router. Commands and configuration changes may be executed from the shell, and are not logged by the SN logging facility,. Cisco SN 5420 Storage Router 1.1(3) and earlier versions have vulnerabilities

Trust: 1.26

sources: NVD: CVE-2001-1037 // BID: 3131 // VULHUB: VHN-3842

AFFECTED PRODUCTS

vendor:ciscomodel:sn 5420 storage routerscope:eqversion:1.1\(3\)

Trust: 2.2

vendor:ciscomodel:sn 5420 storage routerscope:eqversion:1.1\(2\)

Trust: 2.2

vendor:ciscomodel:sn storage routerscope:eqversion:54201.1(3)

Trust: 0.3

vendor:ciscomodel:sn storage routerscope:eqversion:54201.1(2)

Trust: 0.3

vendor:ciscomodel:sn storage routerscope:neversion:54201.1(4)

Trust: 0.3

sources: BID: 3131 // CNNVD: CNNVD-200101-005 // NVD: CVE-2001-1037

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2001-1037
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200101-005
value: MEDIUM

Trust: 0.6

VULHUB: VHN-3842
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2001-1037
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-3842
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-3842 // CNNVD: CNNVD-200101-005 // NVD: CVE-2001-1037

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2001-1037

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-200101-005

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200101-005

EXTERNAL IDS

db:BIDid:3131

Trust: 2.0

db:OSVDBid:1917

Trust: 1.7

db:NVDid:CVE-2001-1037

Trust: 1.7

db:CNNVDid:CNNVD-200101-005

Trust: 0.7

db:CISCOid:20010711 VULNERABILITIES IN CISCO SN 5420 STORAGE ROUTERS

Trust: 0.6

db:XFid:6827

Trust: 0.6

db:VULHUBid:VHN-3842

Trust: 0.1

sources: VULHUB: VHN-3842 // BID: 3131 // CNNVD: CNNVD-200101-005 // NVD: CVE-2001-1037

REFERENCES

url:http://www.securityfocus.com/bid/3131

Trust: 2.7

url:http://www.cisco.com/warp/public/707/sn-kernel-pub.html

Trust: 2.7

url:http://www.osvdb.org/1917

Trust: 2.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/6827

Trust: 2.1

url:http://xforce.iss.net/static/6827.php

Trust: 0.6

sources: VULHUB: VHN-3842 // CNNVD: CNNVD-200101-005 // NVD: CVE-2001-1037

CREDITS

This vulnerability was announced in a Cisco Security Advisory on August 1, 2001.

Trust: 0.3

sources: BID: 3131

SOURCES

db:VULHUBid:VHN-3842
db:BIDid:3131
db:CNNVDid:CNNVD-200101-005
db:NVDid:CVE-2001-1037

LAST UPDATE DATE

2024-11-22T22:48:55.457000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-3842date:2018-10-30T00:00:00
db:BIDid:3131date:2001-08-01T00:00:00
db:CNNVDid:CNNVD-200101-005date:2005-05-02T00:00:00
db:NVDid:CVE-2001-1037date:2024-11-20T23:36:43.300

SOURCES RELEASE DATE

db:VULHUBid:VHN-3842date:2001-01-08T00:00:00
db:BIDid:3131date:2001-08-01T00:00:00
db:CNNVDid:CNNVD-200101-005date:2001-01-08T00:00:00
db:NVDid:CVE-2001-1037date:2001-01-08T05:00:00