Details of VAR-200108-0146

ID

VAR-200108-0146

CVE

CVE-2001-0622

TITLE

Cisco Content Service Switch Management Authentication Bypass Vulnerability

Trust: 1.1

sources: IVD: 70228d56-23ce-11e6-abef-000c29c66e3d // BID: 2806 // CNNVD: CNNVD-200108-058

DESCRIPTION

The web management service on Cisco Content Service series 11000 switches (CSS) before WebNS 4.01B29s or WebNS 4.10B17s allows a remote attacker to gain additional privileges by directly requesting the web management URL instead of navigating through the interface. The Cisco Content Service Switch is an enterprise level web content switch, designed for load balancing and use as a frontend to a redundant web farm. It was previously manufactured by Arrowpoint. A problem with the switch can make it possible for a user to elevated privileges. Due to insufficent authentication checking, a user can bookmark the URL he or she is redirected to, and access the switch via that URL without authenication

Trust: 1.44

sources: NVD: CVE-2001-0622 // BID: 2806 // IVD: 70228d56-23ce-11e6-abef-000c29c66e3d // VULHUB: VHN-3436

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.2

sources: IVD: 70228d56-23ce-11e6-abef-000c29c66e3d

AFFECTED PRODUCTS

vendor:	cisco	model:	content services switch 11000	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	content services switch 11000	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	webns 0b17s	scope:	eq	version:	4.1	Trust: 0.3
vendor:	cisco	model:	webns 0b13s	scope:	eq	version:	4.1	Trust: 0.3
vendor:	cisco	model:	webns b19s	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	cisco	model:	webns	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	cisco	model:	webns 1b29s	scope:	eq	version:	4.0	Trust: 0.3
vendor:	cisco	model:	webns 1b23s	scope:	eq	version:	4.0	Trust: 0.3
vendor:	content services switch 11000	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 70228d56-23ce-11e6-abef-000c29c66e3d // BID: 2806 // CNNVD: CNNVD-200108-058 // NVD: CVE-2001-0622

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2001-0622
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200108-058
value:	HIGH
Trust: 0.6
IVD:	70228d56-23ce-11e6-abef-000c29c66e3d
value:	HIGH
Trust: 0.2
VULHUB:	VHN-3436
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2001-0622
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
IVD:	70228d56-23ce-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-3436
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: IVD: 70228d56-23ce-11e6-abef-000c29c66e3d // VULHUB: VHN-3436 // CNNVD: CNNVD-200108-058 // NVD: CVE-2001-0622

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2001-0622

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200108-058

TYPE

Access verification error

Trust: 0.8

sources: IVD: 70228d56-23ce-11e6-abef-000c29c66e3d // CNNVD: CNNVD-200108-058

EXTERNAL IDS

db:	BID	id:	2806	Trust: 2.0
db:	NVD	id:	CVE-2001-0622	Trust: 1.9
db:	OSVDB	id:	1848	Trust: 1.7
db:	CNNVD	id:	CNNVD-200108-058	Trust: 0.9
db:	CISCO	id:	20010531 CISCO CONTENT SERVICE SWITCH 11000 SERIES WEB MANAGEMENT VULNERABILITY	Trust: 0.6
db:	XF	id:	6631	Trust: 0.6
db:	IVD	id:	70228D56-23CE-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	VULHUB	id:	VHN-3436	Trust: 0.1

sources: IVD: 70228d56-23ce-11e6-abef-000c29c66e3d // VULHUB: VHN-3436 // BID: 2806 // CNNVD: CNNVD-200108-058 // NVD: CVE-2001-0622

REFERENCES

url:	http://www.securityfocus.com/bid/2806	Trust: 1.7
url:	http://www.cisco.com/warp/public/707/arrowpoint-webmgmt-vuln-pub.shtml	Trust: 1.7
url:	http://www.osvdb.org/1848	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/6631	Trust: 1.1
url:	http://xforce.iss.net/static/6631.php	Trust: 0.6

sources: VULHUB: VHN-3436 // CNNVD: CNNVD-200108-058 // NVD: CVE-2001-0622

CREDITS

This vulnerability was announced to Bugtraq in a Cisco Security Advisory on May 31, 2001.

Trust: 0.9

sources: BID: 2806 // CNNVD: CNNVD-200108-058

SOURCES

db:	IVD	id:	70228d56-23ce-11e6-abef-000c29c66e3d
db:	VULHUB	id:	VHN-3436
db:	BID	id:	2806
db:	CNNVD	id:	CNNVD-200108-058
db:	NVD	id:	CVE-2001-0622

LAST UPDATE DATE

2024-08-14T14:29:38.573000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-3436	date:	2017-10-10T00:00:00
db:	BID	id:	2806	date:	2001-05-31T00:00:00
db:	CNNVD	id:	CNNVD-200108-058	date:	2005-05-02T00:00:00
db:	NVD	id:	CVE-2001-0622	date:	2017-10-10T01:29:48.420

SOURCES RELEASE DATE

db:	IVD	id:	70228d56-23ce-11e6-abef-000c29c66e3d	date:	2001-08-14T00:00:00
db:	VULHUB	id:	VHN-3436	date:	2001-08-14T00:00:00
db:	BID	id:	2806	date:	2001-05-31T00:00:00
db:	CNNVD	id:	CNNVD-200108-058	date:	2001-08-14T00:00:00
db:	NVD	id:	CVE-2001-0622	date:	2001-08-14T04:00:00