Details of VAR-200401-0027

ID

VAR-200401-0027

CVE

CVE-2003-0982

TITLE

Cisco ACNS contains buffer overflow vulnerability in the authentication module when supplied an overly long password

Trust: 0.8

sources: CERT/CC: VU#352462

DESCRIPTION

Buffer overflow in the authentication module for Cisco ACNS 4.x before 4.2.11, and 5.x before 5.0.5, allows remote attackers to execute arbitrary code via a long password. Cisco has reported a remotely exploitable buffer overrun in ACNS authentication libraries, which are typically deployed on various Content devices. The following devices running ACNS software versions prior to 4.2.11 or 5.0.5 are affected: Content Routers 4400 series Content Distribution Manager 4600 series Content Engine 500 and 7300 series Content Engine Module for Cisco Routers 2600, 3600 and 3700 series This issue could be potentially exploited to execute arbitrary code on a vulnerable device, resulting in full compromise. Denial of services is another possible consequence of exploitation. Cisco ACNS provides networking solutions for the next generation of Cisco enterprise content. There is a buffer overflow problem in the authentication library of Cisco ACNS. Of course, this problem can also cause the device to deny service

Trust: 1.98

sources: NVD: CVE-2003-0982 // CERT/CC: VU#352462 // BID: 9187 // VULHUB: VHN-7807

AFFECTED PRODUCTS

vendor:	cisco	model:	content engine module	scope:	eq	version:	for_cisco_router_3600_series	Trust: 1.6
vendor:	cisco	model:	content engine	scope:	eq	version:	7320_4.1	Trust: 1.6
vendor:	cisco	model:	content engine module	scope:	eq	version:	for_cisco_router_3700_series	Trust: 1.6
vendor:	cisco	model:	content engine	scope:	eq	version:	7320_4.0	Trust: 1.6
vendor:	cisco	model:	content engine module	scope:	eq	version:	for_cisco_router_2600_series	Trust: 1.6
vendor:	cisco	model:	content engine	scope:	eq	version:	7320_3.1	Trust: 1.6
vendor:	cisco	model:	content engine	scope:	eq	version:	7320	Trust: 1.3
vendor:	cisco	model:	content engine	scope:	eq	version:	590	Trust: 1.3
vendor:	cisco	model:	content engine	scope:	eq	version:	560	Trust: 1.3
vendor:	cisco	model:	content engine	scope:	eq	version:	507	Trust: 1.3
vendor:	cisco	model:	application and content networking software	scope:	eq	version:	5.0.1	Trust: 1.0
vendor:	cisco	model:	application and content networking software	scope:	eq	version:	4.2	Trust: 1.0
vendor:	cisco	model:	content router 4450	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	content engine	scope:	eq	version:	507_2.2_.0	Trust: 1.0
vendor:	cisco	model:	content router 4430	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	content distribution manager 4650	scope:	eq	version:	4.1	Trust: 1.0
vendor:	cisco	model:	application and content networking software	scope:	eq	version:	4.1.1	Trust: 1.0
vendor:	cisco	model:	content engine	scope:	eq	version:	560_4.0	Trust: 1.0
vendor:	cisco	model:	content engine	scope:	eq	version:	590_3.1	Trust: 1.0
vendor:	cisco	model:	content engine	scope:	eq	version:	507_4.0	Trust: 1.0
vendor:	cisco	model:	content engine	scope:	eq	version:	590_2.2_.0	Trust: 1.0
vendor:	cisco	model:	application and content networking software	scope:	eq	version:	5.0	Trust: 1.0
vendor:	cisco	model:	content distribution manager 4670	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	content engine	scope:	eq	version:	590_4.1	Trust: 1.0
vendor:	cisco	model:	content engine	scope:	eq	version:	560_2.2_.0	Trust: 1.0
vendor:	cisco	model:	application and content networking software	scope:	eq	version:	5.0.3	Trust: 1.0
vendor:	cisco	model:	application and content networking software	scope:	eq	version:	4.2.9	Trust: 1.0
vendor:	cisco	model:	application and content networking software	scope:	eq	version:	4.2.7	Trust: 1.0
vendor:	cisco	model:	content distribution manager 4630	scope:	eq	version:	4.0	Trust: 1.0
vendor:	cisco	model:	enterprise content delivery network software	scope:	eq	version:	4.1	Trust: 1.0
vendor:	cisco	model:	content engine	scope:	eq	version:	7320_2.2_.0	Trust: 1.0
vendor:	cisco	model:	content distribution manager 4630	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	content distribution manager 4650	scope:	eq	version:	4.0	Trust: 1.0
vendor:	cisco	model:	content engine	scope:	eq	version:	590_4.0	Trust: 1.0
vendor:	cisco	model:	application and content networking software	scope:	eq	version:	4.1.3	Trust: 1.0
vendor:	cisco	model:	application and content networking software	scope:	eq	version:	4.0.3	Trust: 1.0
vendor:	cisco	model:	content engine	scope:	eq	version:	507_4.1	Trust: 1.0
vendor:	cisco	model:	content engine	scope:	eq	version:	560_4.1	Trust: 1.0
vendor:	cisco	model:	content distribution manager 4650	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	content engine	scope:	eq	version:	507_3.1	Trust: 1.0
vendor:	cisco	model:	content distribution manager 4630	scope:	eq	version:	4.1	Trust: 1.0
vendor:	cisco	model:	enterprise content delivery network software	scope:	eq	version:	4.0	Trust: 1.0
vendor:	cisco	model:	content engine	scope:	eq	version:	560_3.1	Trust: 1.0
vendor:	cisco	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	content router 4450	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	content router 4430	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	content router 4430	scope:	eq	version:	4.1	Trust: 0.6
vendor:	cisco	model:	content router 4430	scope:	eq	version:	4.0	Trust: 0.6
vendor:	cisco	model:	content router	scope:	eq	version:	4450	Trust: 0.3
vendor:	cisco	model:	content router	scope:	eq	version:	44304.1	Trust: 0.3
vendor:	cisco	model:	content router	scope:	eq	version:	44304.0	Trust: 0.3
vendor:	cisco	model:	content router	scope:	eq	version:	4430	Trust: 0.3
vendor:	cisco	model:	content engine module for cisco router series	scope:	eq	version:	3700	Trust: 0.3
vendor:	cisco	model:	content engine module for cisco router series	scope:	eq	version:	3600	Trust: 0.3
vendor:	cisco	model:	content engine module for cisco router series	scope:	eq	version:	2600	Trust: 0.3
vendor:	cisco	model:	content engine	scope:	eq	version:	73204.1	Trust: 0.3
vendor:	cisco	model:	content engine	scope:	eq	version:	73204.0	Trust: 0.3
vendor:	cisco	model:	content engine	scope:	eq	version:	73203.1	Trust: 0.3
vendor:	cisco	model:	content engine	scope:	eq	version:	73202.2.0	Trust: 0.3
vendor:	cisco	model:	content engine	scope:	eq	version:	5904.1	Trust: 0.3
vendor:	cisco	model:	content engine	scope:	eq	version:	5904.0	Trust: 0.3
vendor:	cisco	model:	content engine	scope:	eq	version:	5903.1	Trust: 0.3
vendor:	cisco	model:	content engine	scope:	eq	version:	5902.2.0	Trust: 0.3
vendor:	cisco	model:	content engine	scope:	eq	version:	5604.1	Trust: 0.3
vendor:	cisco	model:	content engine	scope:	eq	version:	5604.0	Trust: 0.3
vendor:	cisco	model:	content engine	scope:	eq	version:	5603.1	Trust: 0.3
vendor:	cisco	model:	content engine	scope:	eq	version:	5602.2.0	Trust: 0.3
vendor:	cisco	model:	content engine	scope:	eq	version:	5074.1	Trust: 0.3
vendor:	cisco	model:	content engine	scope:	eq	version:	5074.0	Trust: 0.3
vendor:	cisco	model:	content engine	scope:	eq	version:	5073.1	Trust: 0.3
vendor:	cisco	model:	content engine	scope:	eq	version:	5072.2.0	Trust: 0.3
vendor:	cisco	model:	content distribution manager	scope:	eq	version:	4670	Trust: 0.3
vendor:	cisco	model:	content distribution manager	scope:	eq	version:	46504.1	Trust: 0.3
vendor:	cisco	model:	content distribution manager	scope:	eq	version:	46504.0	Trust: 0.3
vendor:	cisco	model:	content distribution manager	scope:	eq	version:	4650	Trust: 0.3
vendor:	cisco	model:	content distribution manager	scope:	eq	version:	46304.1	Trust: 0.3
vendor:	cisco	model:	content distribution manager	scope:	eq	version:	46304.0	Trust: 0.3
vendor:	cisco	model:	content distribution manager	scope:	eq	version:	4630	Trust: 0.3
vendor:	cisco	model:	application & content networking software	scope:	eq	version:	5.0.3	Trust: 0.3
vendor:	cisco	model:	application & content networking software	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	cisco	model:	application & content networking software	scope:	eq	version:	5.0	Trust: 0.3
vendor:	cisco	model:	application & content networking software	scope:	eq	version:	4.2.9	Trust: 0.3
vendor:	cisco	model:	application & content networking software	scope:	eq	version:	4.2.7	Trust: 0.3
vendor:	cisco	model:	application & content networking software	scope:	eq	version:	4.2	Trust: 0.3
vendor:	cisco	model:	application & content networking software	scope:	eq	version:	4.1.3	Trust: 0.3
vendor:	cisco	model:	application & content networking software	scope:	eq	version:	4.1.1	Trust: 0.3
vendor:	cisco	model:	application & content networking software	scope:	eq	version:	4.0.3	Trust: 0.3
vendor:	cisco	model:	application & content networking software	scope:	ne	version:	5.1	Trust: 0.3
vendor:	cisco	model:	application & content networking software	scope:	ne	version:	5.0.5	Trust: 0.3
vendor:	cisco	model:	application & content networking software	scope:	ne	version:	4.2.11	Trust: 0.3

sources: CERT/CC: VU#352462 // BID: 9187 // CNNVD: CNNVD-200401-016 // NVD: CVE-2003-0982

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2003-0982
value:	HIGH
Trust: 1.0
CARNEGIE MELLON:	VU#352462
value:	12.96
Trust: 0.8
CNNVD:	CNNVD-200401-016
value:	HIGH
Trust: 0.6
VULHUB:	VHN-7807
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2003-0982
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-7807
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#352462 // VULHUB: VHN-7807 // CNNVD: CNNVD-200401-016 // NVD: CVE-2003-0982

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2003-0982

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200401-016

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200401-016

EXTERNAL IDS

db:	BID	id:	9187	Trust: 2.8
db:	SECUNIA	id:	10409	Trust: 2.5
db:	CERT/CC	id:	VU#352462	Trust: 2.5
db:	NVD	id:	CVE-2003-0982	Trust: 1.7
db:	XF	id:	13945	Trust: 1.4
db:	CNNVD	id:	CNNVD-200401-016	Trust: 0.7
db:	CISCO	id:	20031210 VULNERABILITY IN AUTHENTICATION LIBRARY FOR ACNS	Trust: 0.6
db:	VULHUB	id:	VHN-7807	Trust: 0.1

sources: CERT/CC: VU#352462 // VULHUB: VHN-7807 // BID: 9187 // CNNVD: CNNVD-200401-016 // NVD: CVE-2003-0982

REFERENCES

url:	http://www.cisco.com/warp/public/707/cisco-sa-20031210-acns-auth.shtml	Trust: 2.8
url:	http://www.securityfocus.com/bid/9187	Trust: 2.5
url:	http://www.kb.cert.org/vuls/id/352462	Trust: 1.7
url:	http://secunia.com/advisories/10409	Trust: 1.7
url:	http://xforce.iss.net/xforce/xfdb/13945	Trust: 1.4
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/13945	Trust: 1.1
url:	http://www.secunia.com/advisories/10409/	Trust: 0.8

sources: CERT/CC: VU#352462 // VULHUB: VHN-7807 // BID: 9187 // CNNVD: CNNVD-200401-016 // NVD: CVE-2003-0982

CREDITS

Cisco Security bulletin

Trust: 0.6

sources: CNNVD: CNNVD-200401-016

SOURCES

db:	CERT/CC	id:	VU#352462
db:	VULHUB	id:	VHN-7807
db:	BID	id:	9187
db:	CNNVD	id:	CNNVD-200401-016
db:	NVD	id:	CVE-2003-0982

LAST UPDATE DATE

2024-08-14T14:42:21.818000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#352462	date:	2003-12-23T00:00:00
db:	VULHUB	id:	VHN-7807	date:	2018-10-30T00:00:00
db:	BID	id:	9187	date:	2003-12-10T00:00:00
db:	CNNVD	id:	CNNVD-200401-016	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2003-0982	date:	2018-10-30T16:25:18.480

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#352462	date:	2003-12-18T00:00:00
db:	VULHUB	id:	VHN-7807	date:	2004-01-05T00:00:00
db:	BID	id:	9187	date:	2003-12-10T00:00:00
db:	CNNVD	id:	CNNVD-200401-016	date:	2003-12-10T00:00:00
db:	NVD	id:	CVE-2003-0982	date:	2004-01-05T05:00:00