Details of VAR-200312-0483

ID

VAR-200312-0483

CVE

CVE-2003-1482

TITLE

Microsoft MN-500 Clear text password disclosure vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200312-162

DESCRIPTION

The backup configuration file for Microsoft MN-500 wireless base station stores administrative passwords in plaintext, which allows local users to gain access. A weakness has been reported for the MN-500 device that may result in the disclosure of administrative credentials to remote attackers. Microsoft MN-500 is a wireless access device that supports 802.11B wireless network. According to the report, the problem is that the backup configuration file stores the administrator password in clear text, and the attacker can control the entire device by querying the backup file to obtain authentication information

Trust: 1.26

sources: NVD: CVE-2003-1482 // BID: 7496 // VULHUB: VHN-8307

AFFECTED PRODUCTS

vendor:	microsoft	model:	mn-500 wireless base station	scope:	eq	version:	*	Trust: 1.0
vendor:	microsoft	model:	mn-500 wireless base station	scope:	-	version:	-	Trust: 0.6
vendor:	microsoft	model:	mn-500	scope:	-	version:	-	Trust: 0.3

sources: BID: 7496 // CNNVD: CNNVD-200312-162 // NVD: CVE-2003-1482

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2003-1482
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200312-162
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-8307
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2003-1482
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-8307
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-8307 // CNNVD: CNNVD-200312-162 // NVD: CVE-2003-1482

PROBLEMTYPE DATA

problemtype:

CWE-255

Trust: 1.1

sources: VULHUB: VHN-8307 // NVD: CVE-2003-1482

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-200312-162

TYPE

trust management

Trust: 0.6

sources: CNNVD: CNNVD-200312-162

EXTERNAL IDS

db:	BID	id:	7496	Trust: 2.0
db:	SECTRACK	id:	1006691	Trust: 1.7
db:	NVD	id:	CVE-2003-1482	Trust: 1.7
db:	CNNVD	id:	CNNVD-200312-162	Trust: 0.7
db:	NSFOCUS	id:	4775	Trust: 0.6
db:	VULHUB	id:	VHN-8307	Trust: 0.1

sources: VULHUB: VHN-8307 // BID: 7496 // CNNVD: CNNVD-200312-162 // NVD: CVE-2003-1482

REFERENCES

url:	http://www.securityfocus.com/bid/7496	Trust: 1.7
url:	http://securitytracker.com/id?1006691	Trust: 1.7
url:	http://www.kurczaba.com/html/security/0305031.htm	Trust: 1.1
url:	http://www.nsfocus.net/vulndb/4775	Trust: 0.6
url:	http://www.microsoft.com/hardware/broadbandnetworking/wirelessbasestation.aspx	Trust: 0.3

sources: VULHUB: VHN-8307 // BID: 7496 // CNNVD: CNNVD-200312-162 // NVD: CVE-2003-1482

CREDITS

Paul Kurczaba※ pkurczaba@att.net

Trust: 0.6

sources: CNNVD: CNNVD-200312-162

SOURCES

db:	VULHUB	id:	VHN-8307
db:	BID	id:	7496
db:	CNNVD	id:	CNNVD-200312-162
db:	NVD	id:	CVE-2003-1482

LAST UPDATE DATE

2024-08-14T15:36:07.895000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-8307	date:	2008-09-05T00:00:00
db:	BID	id:	7496	date:	2003-05-03T00:00:00
db:	CNNVD	id:	CNNVD-200312-162	date:	2003-12-31T00:00:00
db:	NVD	id:	CVE-2003-1482	date:	2008-09-05T20:37:03.260

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-8307	date:	2003-12-31T00:00:00
db:	BID	id:	7496	date:	2003-05-03T00:00:00
db:	CNNVD	id:	CNNVD-200312-162	date:	2003-05-03T00:00:00
db:	NVD	id:	CVE-2003-1482	date:	2003-12-31T05:00:00