Details of VAR-200101-0109

ID

VAR-200101-0109

CVE

CVE-2001-1037

TITLE

Cisco SN 5420 Storage Router Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200101-005

DESCRIPTION

Cisco SN 5420 Storage Router 1.1(3) and earlier allows local users to access a developer's shell without a password and execute certain restricted commands without being logged. The Cisco Storage Router is a enterprise-level gigabit-capable routing device designed to handle storage over networks. It is distributed by Cisco Systems. A problem in the firmware used with SN 5420 routers makes it possible to gain unauthorized access and elevated privileges. A remote user may gain a developer shell from either rlogin via the fibrechannel interface of the router, or through port 8023 on the gigabit side of the router. Commands and configuration changes may be executed from the shell, and are not logged by the SN logging facility,. Cisco SN 5420 Storage Router 1.1(3) and earlier versions have vulnerabilities

Trust: 1.26

sources: NVD: CVE-2001-1037 // BID: 3131 // VULHUB: VHN-3842

AFFECTED PRODUCTS

vendor:	cisco	model:	sn 5420 storage router	scope:	eq	version:	1.1\(3\)	Trust: 2.2
vendor:	cisco	model:	sn 5420 storage router	scope:	eq	version:	1.1\(2\)	Trust: 2.2
vendor:	cisco	model:	sn storage router	scope:	eq	version:	54201.1(3)	Trust: 0.3
vendor:	cisco	model:	sn storage router	scope:	eq	version:	54201.1(2)	Trust: 0.3
vendor:	cisco	model:	sn storage router	scope:	ne	version:	54201.1(4)	Trust: 0.3

sources: BID: 3131 // CNNVD: CNNVD-200101-005 // NVD: CVE-2001-1037

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2001-1037
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200101-005
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-3842
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2001-1037
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-3842
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-3842 // CNNVD: CNNVD-200101-005 // NVD: CVE-2001-1037

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2001-1037

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-200101-005

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200101-005

EXTERNAL IDS

db:	BID	id:	3131	Trust: 2.0
db:	OSVDB	id:	1917	Trust: 1.7
db:	NVD	id:	CVE-2001-1037	Trust: 1.7
db:	CNNVD	id:	CNNVD-200101-005	Trust: 0.7
db:	CISCO	id:	20010711 VULNERABILITIES IN CISCO SN 5420 STORAGE ROUTERS	Trust: 0.6
db:	XF	id:	6827	Trust: 0.6
db:	VULHUB	id:	VHN-3842	Trust: 0.1

sources: VULHUB: VHN-3842 // BID: 3131 // CNNVD: CNNVD-200101-005 // NVD: CVE-2001-1037

REFERENCES

url:	http://www.securityfocus.com/bid/3131	Trust: 1.7
url:	http://www.cisco.com/warp/public/707/sn-kernel-pub.html	Trust: 1.7
url:	http://www.osvdb.org/1917	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/6827	Trust: 1.1
url:	http://xforce.iss.net/static/6827.php	Trust: 0.6

sources: VULHUB: VHN-3842 // CNNVD: CNNVD-200101-005 // NVD: CVE-2001-1037

CREDITS

This vulnerability was announced in a Cisco Security Advisory on August 1, 2001.

Trust: 0.3

sources: BID: 3131

SOURCES

db:	VULHUB	id:	VHN-3842
db:	BID	id:	3131
db:	CNNVD	id:	CNNVD-200101-005
db:	NVD	id:	CVE-2001-1037

LAST UPDATE DATE

2024-08-14T14:09:12.275000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-3842	date:	2018-10-30T00:00:00
db:	BID	id:	3131	date:	2001-08-01T00:00:00
db:	CNNVD	id:	CNNVD-200101-005	date:	2005-05-02T00:00:00
db:	NVD	id:	CVE-2001-1037	date:	2018-10-30T16:25:32.670

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-3842	date:	2001-01-08T00:00:00
db:	BID	id:	3131	date:	2001-08-01T00:00:00
db:	CNNVD	id:	CNNVD-200101-005	date:	2001-01-08T00:00:00
db:	NVD	id:	CVE-2001-1037	date:	2001-01-08T05:00:00