Details of VAR-200108-0145

ID

VAR-200108-0145

CVE

CVE-2001-0621

TITLE

Cisco Content Service switch FTP Access control vulnerability

Trust: 1.1

sources: IVD: 702bda50-23ce-11e6-abef-000c29c66e3d // BID: 2745 // CNNVD: CNNVD-200108-050

DESCRIPTION

The FTP server on Cisco Content Service 11000 series switches (CSS) before WebNS 4.01B23s and WebNS 4.10B13s allows an attacker who is an FTP user to read and write arbitrary files via GET or PUT commands. The Cisco Content Service (CSS) switch is an Enterprise-level utility by Cisco Systems. The CSS switch is a Layer 5 and 7 aware switch capable of providing a high performance frontend to web server farms and caches. A problem with the switch could allow non-privileged users to upload files to the switch. The switch allows any user with a valid account to use the FTP PUT and GET functions. This problem makes it possible for a remote user to overwrite local files, or gain access to sensitive files

Trust: 1.44

sources: NVD: CVE-2001-0621 // BID: 2745 // IVD: 702bda50-23ce-11e6-abef-000c29c66e3d // VULHUB: VHN-3435

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.2

sources: IVD: 702bda50-23ce-11e6-abef-000c29c66e3d

AFFECTED PRODUCTS

vendor:	cisco	model:	content services switch 11000	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	content services switch 11000	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	webns b19s	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	cisco	model:	webns	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	cisco	model:	webns	scope:	eq	version:	4.0	Trust: 0.3
vendor:	cisco	model:	webns 0b13s	scope:	ne	version:	4.1	Trust: 0.3
vendor:	cisco	model:	webns 1b23s	scope:	ne	version:	4.0	Trust: 0.3
vendor:	content services switch 11000	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 702bda50-23ce-11e6-abef-000c29c66e3d // BID: 2745 // CNNVD: CNNVD-200108-050 // NVD: CVE-2001-0621

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2001-0621
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200108-050
value:	HIGH
Trust: 0.6
IVD:	702bda50-23ce-11e6-abef-000c29c66e3d
value:	HIGH
Trust: 0.2
VULHUB:	VHN-3435
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2001-0621
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
IVD:	702bda50-23ce-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-3435
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: IVD: 702bda50-23ce-11e6-abef-000c29c66e3d // VULHUB: VHN-3435 // CNNVD: CNNVD-200108-050 // NVD: CVE-2001-0621

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2001-0621

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200108-050

TYPE

Access verification error

Trust: 0.8

sources: IVD: 702bda50-23ce-11e6-abef-000c29c66e3d // CNNVD: CNNVD-200108-050

EXTERNAL IDS

db:	BID	id:	2745	Trust: 2.0
db:	NVD	id:	CVE-2001-0621	Trust: 1.9
db:	OSVDB	id:	1834	Trust: 1.7
db:	CNNVD	id:	CNNVD-200108-050	Trust: 0.9
db:	XF	id:	6557	Trust: 0.6
db:	CIAC	id:	L-085	Trust: 0.6
db:	CISCO	id:	20010517 CISCO CONTENT SERVICE SWITCH 11000 SERIES FTP VULNERABILITY	Trust: 0.6
db:	IVD	id:	702BDA50-23CE-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	VULHUB	id:	VHN-3435	Trust: 0.1

sources: IVD: 702bda50-23ce-11e6-abef-000c29c66e3d // VULHUB: VHN-3435 // BID: 2745 // CNNVD: CNNVD-200108-050 // NVD: CVE-2001-0621

REFERENCES

url:	http://www.cisco.com/warp/public/707/arrowpoint-ftp-pub.shtml	Trust: 2.0
url:	http://www.securityfocus.com/bid/2745	Trust: 1.7
url:	http://www.ciac.org/ciac/bulletins/l-085.shtml	Trust: 1.7
url:	http://www.osvdb.org/1834	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/6557	Trust: 1.1
url:	http://xforce.iss.net/static/6557.php	Trust: 0.6

sources: VULHUB: VHN-3435 // BID: 2745 // CNNVD: CNNVD-200108-050 // NVD: CVE-2001-0621

CREDITS

This vulnerability was announced to Bugtraq in a Cisco Security Advisory on May 18, 2001.

Trust: 0.9

sources: BID: 2745 // CNNVD: CNNVD-200108-050

SOURCES

db:	IVD	id:	702bda50-23ce-11e6-abef-000c29c66e3d
db:	VULHUB	id:	VHN-3435
db:	BID	id:	2745
db:	CNNVD	id:	CNNVD-200108-050
db:	NVD	id:	CVE-2001-0621

LAST UPDATE DATE

2024-08-14T15:15:16.275000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-3435	date:	2017-10-10T00:00:00
db:	BID	id:	2745	date:	2001-05-17T00:00:00
db:	CNNVD	id:	CNNVD-200108-050	date:	2005-05-02T00:00:00
db:	NVD	id:	CVE-2001-0621	date:	2017-10-10T01:29:48.360

SOURCES RELEASE DATE

db:	IVD	id:	702bda50-23ce-11e6-abef-000c29c66e3d	date:	2001-08-14T00:00:00
db:	VULHUB	id:	VHN-3435	date:	2001-08-14T00:00:00
db:	BID	id:	2745	date:	2001-05-17T00:00:00
db:	CNNVD	id:	CNNVD-200108-050	date:	2001-08-14T00:00:00
db:	NVD	id:	CVE-2001-0621	date:	2001-08-14T04:00:00