Details of VAR-200110-0036

ID

VAR-200110-0036

CVE

CVE-2001-0757

TITLE

Cisco 6400 Access Concentrator Node Route Processor 2 (NRP2) module permits telnet access when no password has been set

Trust: 0.8

sources: CERT/CC: VU#516659

DESCRIPTION

Cisco 6400 Access Concentrator Node Route Processor 2 (NRP2) 12.1DC card does not properly disable access when a password has not been set for vtys, which allows remote attackers to obtain access via telnet. It is distributed by Cisco Systems. This makes it possible for a remote user to gain access to systems behind the NRP2 module, potentially accessing secure systems

Trust: 2.07

sources: NVD: CVE-2001-0757 // CERT/CC: VU#516659 // BID: 2874 // VULHUB: VHN-3565 // VULMON: CVE-2001-0757

AFFECTED PRODUCTS

vendor:	cisco	model:	6400 nrp 2	scope:	eq	version:	12.1dc	Trust: 1.6
vendor:	cisco	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	nrp2 dc	scope:	eq	version:	640012.1	Trust: 0.3
vendor:	cisco	model:	nrp2 dc01	scope:	ne	version:	640012.1	Trust: 0.3

sources: CERT/CC: VU#516659 // BID: 2874 // CNNVD: CNNVD-200110-086 // NVD: CVE-2001-0757

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2001-0757
value:	HIGH
Trust: 1.0
CARNEGIE MELLON:	VU#516659
value:	33.75
Trust: 0.8
CNNVD:	CNNVD-200110-086
value:	HIGH
Trust: 0.6
VULHUB:	VHN-3565
value:	HIGH
Trust: 0.1
VULMON:	CVE-2001-0757
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2001-0757
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-3565
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#516659 // VULHUB: VHN-3565 // VULMON: CVE-2001-0757 // CNNVD: CNNVD-200110-086 // NVD: CVE-2001-0757

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2001-0757

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200110-086

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200110-086

EXTERNAL IDS

db:	BID	id:	2874	Trust: 2.9
db:	CERT/CC	id:	VU#516659	Trust: 2.6
db:	NVD	id:	CVE-2001-0757	Trust: 1.8
db:	OSVDB	id:	804	Trust: 1.8
db:	CNNVD	id:	CNNVD-200110-086	Trust: 0.7
db:	XF	id:	2	Trust: 0.6
db:	XF	id:	6691	Trust: 0.6
db:	CISCO	id:	20010614 CISCO 6400 NRP2 TELNET VULNERABILITY	Trust: 0.6
db:	CIAC	id:	L-097	Trust: 0.6
db:	VULHUB	id:	VHN-3565	Trust: 0.1
db:	VULMON	id:	CVE-2001-0757	Trust: 0.1

sources: CERT/CC: VU#516659 // VULHUB: VHN-3565 // VULMON: CVE-2001-0757 // BID: 2874 // CNNVD: CNNVD-200110-086 // NVD: CVE-2001-0757

REFERENCES

url:	http://www.cisco.com/warp/public/707/6400-nrp2-telnet-vuln-pub.shtml	Trust: 2.6
url:	http://www.securityfocus.com/bid/2874	Trust: 2.6
url:	http://www.kb.cert.org/vuls/id/516659	Trust: 1.9
url:	http://www.ciac.org/ciac/bulletins/l-097.shtml	Trust: 1.8
url:	http://www.osvdb.org/804	Trust: 1.8
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/6691	Trust: 1.2
url:	http://www.cisco.com/warp/public/cc/pd/as/6400/prodlit/cnrp_ds.htm	Trust: 0.8
url:	http://xforce.iss.net/static/6691.php	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CERT/CC: VU#516659 // VULHUB: VHN-3565 // VULMON: CVE-2001-0757 // CNNVD: CNNVD-200110-086 // NVD: CVE-2001-0757

CREDITS

This vulnerability was announced to Bugtraq in a Cisco Security Advisory on June 14, 2001.

Trust: 0.3

sources: BID: 2874

SOURCES

db:	CERT/CC	id:	VU#516659
db:	VULHUB	id:	VHN-3565
db:	VULMON	id:	CVE-2001-0757
db:	BID	id:	2874
db:	CNNVD	id:	CNNVD-200110-086
db:	NVD	id:	CVE-2001-0757

LAST UPDATE DATE

2024-08-14T12:11:04.982000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#516659	date:	2003-04-09T00:00:00
db:	VULHUB	id:	VHN-3565	date:	2017-10-10T00:00:00
db:	VULMON	id:	CVE-2001-0757	date:	2017-10-10T00:00:00
db:	BID	id:	2874	date:	2001-06-14T00:00:00
db:	CNNVD	id:	CNNVD-200110-086	date:	2005-05-02T00:00:00
db:	NVD	id:	CVE-2001-0757	date:	2017-10-10T01:29:52.297

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#516659	date:	2001-09-20T00:00:00
db:	VULHUB	id:	VHN-3565	date:	2001-10-18T00:00:00
db:	VULMON	id:	CVE-2001-0757	date:	2001-10-18T00:00:00
db:	BID	id:	2874	date:	2001-06-14T00:00:00
db:	CNNVD	id:	CNNVD-200110-086	date:	2001-10-18T00:00:00
db:	NVD	id:	CVE-2001-0757	date:	2001-10-18T04:00:00