Sign-up

ID

VAR-200304-0064


CVE

CVE-2002-1440


TITLE

Gateway GS-400 NAS Servers There is a default administrator password vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200304-081

DESCRIPTION

The Gateway GS-400 server has a default root password of "0001n" that can not be changed via the administrative interface, which can allow attackers to gain root privileges. The GS-400 is a storage machine distributed by Gateway. A default vendor password of "0001n" is used on all GS-400 servers. This password is unchangeable via the administrative interface. This could allow an attacker with the ability to remotely connect to the server to gain unauthorized access. Gateway GS-400 server is an IDE RAID system service software, which can be used under the Linux operating system. There is a WEB-based management console in the system, which runs with \"admin\" user authority. This password is saved in the password file in un-shadow mode, and the length of the password used is not strong enough, as long as it can be cracked by brute force guessing (5^36 times)

Trust: 1.26

sources: NVD: CVE-2002-1440 // BID: 5472 // VULHUB: VHN-5825

AFFECTED PRODUCTS

vendor:gatewaymodel:gs-400scope:eqversion:*

Trust: 1.0

vendor:gatewaymodel:gs-400scope: - version: -

Trust: 0.6

vendor:gatewaymodel:gs-400scope:eqversion:0

Trust: 0.3

sources: BID: 5472 // CNNVD: CNNVD-200304-081 // NVD: CVE-2002-1440

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2002-1440
value: HIGH

Trust: 1.0

CNNVD: CNNVD-200304-081
value: CRITICAL

Trust: 0.6

VULHUB: VHN-5825
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2002-1440
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-5825
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-5825 // CNNVD: CNNVD-200304-081 // NVD: CVE-2002-1440

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-1440

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200304-081

TYPE

Design Error

Trust: 0.9

sources: BID: 5472 // CNNVD: CNNVD-200304-081

EXTERNAL IDS

db:BIDid:5472

Trust: 2.0

db:NVDid:CVE-2002-1440

Trust: 2.0

db:CNNVDid:CNNVD-200304-081

Trust: 0.7

db:BUGTRAQid:20020814 TRIVIAL ROOT COMPROMISE IN GATEWAY GS-400 NAS SERVERS

Trust: 0.6

db:XFid:400

Trust: 0.6

db:VULHUBid:VHN-5825

Trust: 0.1

sources: VULHUB: VHN-5825 // BID: 5472 // CNNVD: CNNVD-200304-081 // NVD: CVE-2002-1440

REFERENCES

url:http://www.securityfocus.com/bid/5472

Trust: 1.7

url:http://archives.neohapsis.com/archives/bugtraq/2002-08/0126.html

Trust: 1.7

url:http://www.iss.net/security_center/static/9864.php

Trust: 1.7

sources: VULHUB: VHN-5825 // CNNVD: CNNVD-200304-081 // NVD: CVE-2002-1440

CREDITS

Keith T. Morgan※ keith.morgan@terradon.com

Trust: 0.6

sources: CNNVD: CNNVD-200304-081

SOURCES

db:VULHUBid:VHN-5825
db:BIDid:5472
db:CNNVDid:CNNVD-200304-081
db:NVDid:CVE-2002-1440

LAST UPDATE DATE

2024-08-14T14:07:36.659000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-5825date:2008-09-05T00:00:00
db:BIDid:5472date:2009-07-11T15:56:00
db:CNNVDid:CNNVD-200304-081date:2005-10-20T00:00:00
db:NVDid:CVE-2002-1440date:2008-09-05T20:30:36.467

SOURCES RELEASE DATE

db:VULHUBid:VHN-5825date:2003-04-11T00:00:00
db:BIDid:5472date:2002-08-14T00:00:00
db:CNNVDid:CNNVD-200304-081date:2002-08-13T00:00:00
db:NVDid:CVE-2002-1440date:2003-04-11T04:00:00