Details of VAR-200201-0020

ID

VAR-200201-0020

CVE

CVE-2002-1595

TITLE

Cisco SN 5420 Storage Router Information Disclosure Vulnerability

Trust: 0.9

sources: BID: 3832 // CNNVD: CNNVD-200201-005

DESCRIPTION

Cisco SN 5420 Storage Router 1.1(5) and earlier allows attackers to read configuration files without authorization. This can lead to an intruder gaining access to the storage space on the router. The attacker must be able to guess the name of the configuration file. Cisco has identified this issue as bug number CSCdv24925

Trust: 1.98

sources: NVD: CVE-2002-1595 // CERT/CC: VU#833459 // BID: 3832 // VULHUB: VHN-5980

AFFECTED PRODUCTS

vendor:	cisco	model:	sn 5420 storage router	scope:	eq	version:	1.1\(3\)	Trust: 2.2
vendor:	cisco	model:	sn 5420 storage router	scope:	eq	version:	1.1\(4\)	Trust: 2.2
vendor:	cisco	model:	sn 5420 storage router	scope:	eq	version:	1.1\(2\)	Trust: 2.2
vendor:	cisco	model:	sn 5420 storage router	scope:	eq	version:	1.1\(5\)	Trust: 2.2
vendor:	cisco	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	sn storage router	scope:	eq	version:	54201.1(5)	Trust: 0.3
vendor:	cisco	model:	sn storage router	scope:	eq	version:	54201.1(4)	Trust: 0.3
vendor:	cisco	model:	sn storage router	scope:	eq	version:	54201.1(3)	Trust: 0.3
vendor:	cisco	model:	sn storage router	scope:	eq	version:	54201.1(2)	Trust: 0.3
vendor:	cisco	model:	sn storage router	scope:	ne	version:	54201.1(7)	Trust: 0.3

sources: CERT/CC: VU#833459 // BID: 3832 // CNNVD: CNNVD-200201-005 // NVD: CVE-2002-1595

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2002-1595
value:	MEDIUM
Trust: 1.0
CARNEGIE MELLON:	VU#833459
value:	15.54
Trust: 0.8
CNNVD:	CNNVD-200201-005
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-5980
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2002-1595
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-5980
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#833459 // VULHUB: VHN-5980 // CNNVD: CNNVD-200201-005 // NVD: CVE-2002-1595

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-1595

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200201-005

TYPE

Design Error

Trust: 0.9

sources: BID: 3832 // CNNVD: CNNVD-200201-005

EXTERNAL IDS

db:	BID	id:	3832	Trust: 2.8
db:	CERT/CC	id:	VU#833459	Trust: 2.5
db:	NVD	id:	CVE-2002-1595	Trust: 1.7
db:	CNNVD	id:	CNNVD-200201-005	Trust: 0.7
db:	CISCO	id:	20020109 MULTIPLE VULNERABILITIES IN CISCO SN 5420 STORAGE ROUTERS	Trust: 0.6
db:	XF	id:	7828	Trust: 0.6
db:	VULHUB	id:	VHN-5980	Trust: 0.1

sources: CERT/CC: VU#833459 // VULHUB: VHN-5980 // BID: 3832 // CNNVD: CNNVD-200201-005 // NVD: CVE-2002-1595

REFERENCES

url:	http://www.cisco.com/warp/public/707/sn-multiple-pub.shtml	Trust: 3.5
url:	http://www.securityfocus.com/bid/3832	Trust: 3.5
url:	http://www.kb.cert.org/vuls/id/833459	Trust: 2.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/7828	Trust: 2.1
url:	http://xforce.iss.net/xforce/xfdb/7828	Trust: 0.6

sources: CERT/CC: VU#833459 // VULHUB: VHN-5980 // CNNVD: CNNVD-200201-005 // NVD: CVE-2002-1595

CREDITS

Cisco PSIRT※ psirt@cisco.com

Trust: 0.6

sources: CNNVD: CNNVD-200201-005

SOURCES

db:	CERT/CC	id:	VU#833459
db:	VULHUB	id:	VHN-5980
db:	BID	id:	3832
db:	CNNVD	id:	CNNVD-200201-005
db:	NVD	id:	CVE-2002-1595

LAST UPDATE DATE

2024-11-22T22:59:28.866000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#833459	date:	2002-01-14T00:00:00
db:	VULHUB	id:	VHN-5980	date:	2018-10-30T00:00:00
db:	BID	id:	3832	date:	2002-01-09T00:00:00
db:	CNNVD	id:	CNNVD-200201-005	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2002-1595	date:	2024-11-20T23:41:40.810

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#833459	date:	2002-01-14T00:00:00
db:	VULHUB	id:	VHN-5980	date:	2002-01-09T00:00:00
db:	BID	id:	3832	date:	2002-01-09T00:00:00
db:	CNNVD	id:	CNNVD-200201-005	date:	2002-01-09T00:00:00
db:	NVD	id:	CVE-2002-1595	date:	2002-01-09T05:00:00