Details of VAR-200212-0002

ID

VAR-200212-0002

CVE

CVE-2002-1272

TITLE

Alcatel Operating System (AOS) does not require a password for accessing the telnet server

Trust: 0.8

sources: CERT/CC: VU#181721

DESCRIPTION

Alcatel OmniSwitch 7700/7800 switches running AOS 5.1.1 contains a back door telnet server that was intended for development but not removed before distribution, which allows remote attackers to gain administrative privileges. This gives anyone access to the OmniSwitch's Vx-Works operating system without requiring a password. Alcatel Operating System (AOS) version 5.1.1 Works Alcatel OmniSwitch 7700/7800 The switch was used during development telnet Port for server (6778/TCP) Is ready for continuous use. this telnet By using the service, you do not need a password, OmniSwitch of Vx-Works operating system Can be accessed.A third party could remotely gain control of the vulnerable device. As a result, unauthorized access, unauthorized monitoring, information leakage, denial of service (denial-of-service, DoS) It may be accompanied by dangers such as attacks. OmniSwitch 7700/7800 LAN switch runs Alcatel Operating System (AOS) operating system. This service is used to access the Wind River Vx-Works operating system during the development phase, but before the product is released No removal. Attackers can use this service to control the entire system. It is distributed and maintained by Alcatel. It has been discovered that an unintended back door is built into some releases of AOS

Trust: 3.24

sources: NVD: CVE-2002-1272 // CERT/CC: VU#181721 // JVNDB: JVNDB-2002-000355 // CNVD: CNVD-2002-4084 // BID: 6220 // VULMON: CVE-2002-1272

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2002-4084

AFFECTED PRODUCTS

vendor:	alcatel	model:	aos	scope:	eq	version:	5.1.1	Trust: 1.6
vendor:	alcatel	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	alcatel lucent	model:	alcatel-lucent operating system	scope:	eq	version:	5.1.1	Trust: 0.8
vendor:	none	model:	-	scope:	-	version:	-	Trust: 0.6
vendor:	alcatel lucent	model:	aos	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	alcatel lucent	model:	aos .r03	scope:	ne	version:	5.1.1	Trust: 0.3
vendor:	alcatel lucent	model:	aos .r02	scope:	ne	version:	5.1.1	Trust: 0.3

sources: CERT/CC: VU#181721 // CNVD: CNVD-2002-4084 // BID: 6220 // JVNDB: JVNDB-2002-000355 // CNNVD: CNNVD-200212-022 // NVD: CVE-2002-1272

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2002-1272
value:	HIGH
Trust: 1.0
CARNEGIE MELLON:	VU#181721
value:	49.50
Trust: 0.8
NVD:	CVE-2002-1272
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200212-022
value:	CRITICAL
Trust: 0.6
VULMON:	CVE-2002-1272
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2002-1272
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

sources: CERT/CC: VU#181721 // VULMON: CVE-2002-1272 // JVNDB: JVNDB-2002-000355 // CNNVD: CNNVD-200212-022 // NVD: CVE-2002-1272

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-1272

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200212-022

TYPE

Design Error

Trust: 0.9

sources: BID: 6220 // CNNVD: CNNVD-200212-022

CONFIGURATIONS

sources: JVNDB: JVNDB-2002-000355

EXTERNAL IDS

db:	NVD	id:	CVE-2002-1272	Trust: 3.4
db:	CERT/CC	id:	VU#181721	Trust: 3.3
db:	BID	id:	6220	Trust: 2.0
db:	XF	id:	10664	Trust: 1.4
db:	JVNDB	id:	JVNDB-2002-000355	Trust: 0.8
db:	CNVD	id:	CNVD-2002-4084	Trust: 0.6
db:	CERT/CC	id:	CA-2002-32	Trust: 0.6
db:	CNNVD	id:	CNNVD-200212-022	Trust: 0.6
db:	VULMON	id:	CVE-2002-1272	Trust: 0.1

sources: CERT/CC: VU#181721 // CNVD: CNVD-2002-4084 // VULMON: CVE-2002-1272 // BID: 6220 // JVNDB: JVNDB-2002-000355 // CNNVD: CNNVD-200212-022 // NVD: CVE-2002-1272

REFERENCES

url:	http://www.kb.cert.org/vuls/id/181721	Trust: 2.6
url:	http://www.cert.org/advisories/ca-2002-32.html	Trust: 2.0
url:	http://www.securityfocus.com/bid/6220	Trust: 1.8
url:	http://xforce.iss.net/xforce/xfdb/10664	Trust: 1.4
url:	http://www.alcatel.com/support	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/10664	Trust: 1.1
url:	http://www.ind.alcatel.com/nextgen/omniswitch_7000_brief.pdf	Trust: 0.8
url:	http://www.ind.alcatel.com/specs/index.cfm?cnt=7000	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2002-1272	Trust: 0.8
url:	http://jvn.jp/vn/jvnca-2002-32/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2002-1272	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CERT/CC: VU#181721 // VULMON: CVE-2002-1272 // BID: 6220 // JVNDB: JVNDB-2002-000355 // CNNVD: CNNVD-200212-022 // NVD: CVE-2002-1272

CREDITS

David Mirza Ahmad※ da@securityfocus.com

Trust: 0.6

sources: CNNVD: CNNVD-200212-022

SOURCES

db:	CERT/CC	id:	VU#181721
db:	CNVD	id:	CNVD-2002-4084
db:	VULMON	id:	CVE-2002-1272
db:	BID	id:	6220
db:	JVNDB	id:	JVNDB-2002-000355
db:	CNNVD	id:	CNNVD-200212-022
db:	NVD	id:	CVE-2002-1272

LAST UPDATE DATE

2024-08-14T15:45:47.061000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#181721	date:	2002-11-21T00:00:00
db:	CNVD	id:	CNVD-2002-4084	date:	2020-03-10T00:00:00
db:	VULMON	id:	CVE-2002-1272	date:	2017-10-10T00:00:00
db:	BID	id:	6220	date:	2009-07-11T19:16:00
db:	JVNDB	id:	JVNDB-2002-000355	date:	2009-04-03T00:00:00
db:	CNNVD	id:	CNNVD-200212-022	date:	2005-05-13T00:00:00
db:	NVD	id:	CVE-2002-1272	date:	2017-10-10T01:30:10.453

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#181721	date:	2002-11-20T00:00:00
db:	CNVD	id:	CNVD-2002-4084	date:	2002-11-20T00:00:00
db:	VULMON	id:	CVE-2002-1272	date:	2002-12-11T00:00:00
db:	BID	id:	6220	date:	2002-11-21T00:00:00
db:	JVNDB	id:	JVNDB-2002-000355	date:	2009-04-03T00:00:00
db:	CNNVD	id:	CNNVD-200212-022	date:	2002-11-20T00:00:00
db:	NVD	id:	CVE-2002-1272	date:	2002-12-11T05:00:00