ID

VAR-200404-0064


CVE

CVE-2004-1970


TITLE

Samsung SmartEther Switch Firmware Authentication Bypass Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200404-089

DESCRIPTION

The Samsung SmartEther SS6215S switch, and possibly other Samsung switches, allows remote attackers and local users to gain administrative access by providing the admin username followed by a password that is the maximum allowed length, then pressing the Enter key after the resulting error message.

When accessing a Samsung SmartEther switch via the telnet service or a serial connection, authentication is required and the user is presented with a logon screen. It has been reported that it is possible to bypass this authentication procedure. An attacker may exploit this condition to, for example, modify static MAC address mappings and perhaps enable man-in-the-middle style attacks. Other attacks are certainly possible.

Samsung SmartEther SS6215S is a network switch. When connecting to a Samsung SmartEther switch, entering the user name "admin", filling the password field with characters until no more can be entered, and then pressing Enter produces a message that the password does not match, but the user is still admitted to the system.

Trust: 1.35

sources: NVD: CVE-2004-1970 // BID: 10219 // VULHUB: VHN-10398 // VULMON: CVE-2004-1970

AFFECTED PRODUCTS

vendor: securecomputing | model: smartether ss6215s switch | scope: eq | version: *

Trust: 1.0

vendor: securecomputing | model: smartether ss6215s switch | scope: - | version: -

Trust: 0.6

vendor: samsung | model: smartether ss6215s switch | scope: - | version: -

Trust: 0.3

sources: BID: 10219 // CNNVD: CNNVD-200404-089 // NVD: CVE-2004-1970

CVSS

SEVERITY

nvd@nist.gov: CVE-2004-1970
value: HIGH

Trust: 1.0

CNNVD: CNNVD-200404-089
value: HIGH

Trust: 0.6

VULHUB: VHN-10398
value: HIGH

Trust: 0.1

VULMON: CVE-2004-1970
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2004-1970
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-10398
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-10398 // VULMON: CVE-2004-1970 // CNNVD: CNNVD-200404-089 // NVD: CVE-2004-1970

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-1970

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200404-089

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200404-089

EXTERNAL IDS

db: BID | id: 10219

Trust: 2.1

db: NVD | id: CVE-2004-1970

Trust: 1.8

db: CNNVD | id: CNNVD-200404-089

Trust: 0.7

db: XF | id: 15973

Trust: 0.6

db: BUGTRAQ | id: 20040426 SAMSUNG SMARTETHER SS6215S SWITCH

Trust: 0.6

db: VULHUB | id: VHN-10398

Trust: 0.1

db: VULMON | id: CVE-2004-1970

Trust: 0.1

sources: VULHUB: VHN-10398 // VULMON: CVE-2004-1970 // BID: 10219 // CNNVD: CNNVD-200404-089 // NVD: CVE-2004-1970

REFERENCES

url:http://www.securityfocus.com/bid/10219

Trust: 1.8

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/15973

Trust: 1.2

url:http://marc.info/?l=bugtraq&m=108300407424571&w=2

Trust: 1.1

url:http://xforce.iss.net/xforce/xfdb/15973

Trust: 0.6

url:http://marc.theaimsgroup.com/?l=bugtraq&m=108300407424571&w=2

Trust: 0.6

url:/archive/1/361448

Trust: 0.3

url:http://marc.info/?l=bugtraq&m=108300407424571&w=2

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-10398 // VULMON: CVE-2004-1970 // BID: 10219 // CNNVD: CNNVD-200404-089 // NVD: CVE-2004-1970

CREDITS

Kyle Duren (acidrain_ask@pixitha.com)

Trust: 0.6

sources: CNNVD: CNNVD-200404-089

SOURCES

db: VULHUB | id: VHN-10398
db: VULMON | id: CVE-2004-1970
db: BID | id: 10219
db: CNNVD | id: CNNVD-200404-089
db: NVD | id: CVE-2004-1970

LAST UPDATE DATE

2024-08-14T15:04:48.034000+00:00


SOURCES UPDATE DATE

db: VULHUB | id: VHN-10398 | date: 2017-07-11T00:00:00
db: VULMON | id: CVE-2004-1970 | date: 2017-07-11T00:00:00
db: BID | id: 10219 | date: 2004-04-26T00:00:00
db: CNNVD | id: CNNVD-200404-089 | date: 2005-10-20T00:00:00
db: NVD | id: CVE-2004-1970 | date: 2017-07-11T01:31:30.793

SOURCES RELEASE DATE

db: VULHUB | id: VHN-10398 | date: 2004-04-26T00:00:00
db: VULMON | id: CVE-2004-1970 | date: 2004-04-26T00:00:00
db: BID | id: 10219 | date: 2004-04-26T00:00:00
db: CNNVD | id: CNNVD-200404-089 | date: 2004-04-26T00:00:00
db: NVD | id: CVE-2004-1970 | date: 2004-04-26T04:00:00