ID

VAR-200303-0128


TITLE

3Com SuperStack II RAS 1500 Unauthorized Remote Access Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2003-0844

DESCRIPTION

The 3Com SuperStack II Remote Access System 1500 is a device that accesses telecommunications equipment through BRI-ISDN/analog lines. Some files on the device can be accessed without authorization, and remote attackers can use this vulnerability to obtain sensitive information about the system. The RAS 1500 requires HTTP BASIC authentication only for the download.htm file (the download manager for configuration files and system software) and does not protect the system image files and configuration files themselves. Attackers can access these files without authorization to obtain sensitive information. Specifically, RAS 1500 devices fail to carry out authentication when requests are made for various files that may contain sensitive information.

Trust: 0.81

sources: CNVD: CNVD-2003-0844 // BID: 7176

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2003-0844

AFFECTED PRODUCTS

vendor: no, model: -, scope: -, version: -

Trust: 0.6

vendor: 3com, model: superstack ii ras, scope: eq, version: 15002.5.0

Trust: 0.3

vendor: 3com, model: superstack ii ras, scope: eq, version: 1500

Trust: 0.3

sources: CNVD: CNVD-2003-0844 // BID: 7176

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2003-0844
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2003-0844
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2003-0844

THREAT TYPE

network

Trust: 0.3

sources: BID: 7176

TYPE

Access Validation Error

Trust: 0.3

sources: BID: 7176

EXTERNAL IDS

db: BID, id: 7176

Trust: 0.9

db: CNVD, id: CNVD-2003-0844

Trust: 0.6

sources: CNVD: CNVD-2003-0844 // BID: 7176

REFERENCES

url:http://marc.theaimsgroup.com/?l=bugtraq&m=104852250406896&w=2

Trust: 0.6

url:/archive/1/316043

Trust: 0.3

url:/archive/1/317222

Trust: 0.3

sources: CNVD: CNVD-2003-0844 // BID: 7176

CREDITS

The discovery of this vulnerability has been credited to Piotr Chytla <pch@isec.pl>.

Trust: 0.3

sources: BID: 7176

SOURCES

db: CNVD, id: CNVD-2003-0844
db: BID, id: 7176

LAST UPDATE DATE

2022-05-17T02:01:43.240000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2003-0844, date: 2014-01-20T00:00:00
db: BID, id: 7176, date: 2003-03-24T00:00:00

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2003-0844, date: 2003-03-24T00:00:00
db: BID, id: 7176, date: 2003-03-24T00:00:00