Details of VAR-200306-0130

ID

VAR-200306-0130

TITLE

OptiSwitch 400/800 Unauthorized Remote Access Vulnerability

Trust: 0.9

sources: CNVD: CNVD-2003-1908 // BID: 8036

DESCRIPTION

Switches developed by the OptiSwitch 400 and 800 Series MRV Communications. There is a problem with the OptiSwitch 400 and 800 series initializing connections, which can be exploited by remote attackers without authorization to access the switch without a password. When a remote user connects to the device via telnet or console and initiates a special keystroke request, the switch is not authorized to access the switch with root privileges. A vulnerability has been reported for the OptiSwitch device which could allow an attacker to gain unauthorized remote access. When the sequence is processed, remote access will be granted to the attacker. *** The vendor has responded and has reported that the vulnerability does not infact exist

Trust: 0.81

sources: CNVD: CNVD-2003-1908 // BID: 8036

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2003-1908

AFFECTED PRODUCTS

vendor:	no	model:	-	scope:	-	version:	-	Trust: 0.6
vendor:	mrv	model:	communications optiswitch	scope:	eq	version:	800	Trust: 0.3
vendor:	mrv	model:	communications optiswitch	scope:	eq	version:	400	Trust: 0.3

sources: CNVD: CNVD-2003-1908 // BID: 8036

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2003-1908
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2003-1908
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2003-1908

THREAT TYPE

network

Trust: 0.3

sources: BID: 8036

TYPE

Design Error

Trust: 0.3

sources: BID: 8036

EXTERNAL IDS

db:	BID	id:	8036	Trust: 0.9
db:	CNVD	id:	CNVD-2003-1908	Trust: 0.6

sources: CNVD: CNVD-2003-1908 // BID: 8036

REFERENCES

url:	http://marc.theaimsgroup.com/?l=bugtraq&m=105657549122533&w=2	Trust: 0.6
url:	http://www.mrv.com/product/mrv-os-family/	Trust: 0.3
url:	/archive/1/326754	Trust: 0.3

sources: CNVD: CNVD-2003-1908 // BID: 8036

CREDITS

This vulnerability was reported by slash@istc.kg.

Trust: 0.3

sources: BID: 8036

SOURCES

db:	CNVD	id:	CNVD-2003-1908
db:	BID	id:	8036

LAST UPDATE DATE

2022-05-17T02:12:11.194000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2003-1908	date:	2014-01-20T00:00:00
db:	BID	id:	8036	date:	2003-06-25T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2003-1908	date:	2003-06-25T00:00:00
db:	BID	id:	8036	date:	2003-06-25T00:00:00