Sign-up

ID

VAR-200510-0158


CVE

CVE-2005-3196


TITLE

Planet Technology FGSW-2402RS Switch Backdoor Password Reset Vulnerability

Trust: 0.9

sources: BID: 15014 // CNNVD: CNNVD-200510-085

DESCRIPTION

Planet Technology Corp FGSW2402RS switch with firmware 1.2 has a default password, which allows attackers with physical access to the device's serial port to gain privileges. An attacker can exploit this vulnerability to gain administrative access to the switch; the consequences will vary depending on the network configuration. Reports indicate to exploit this vulnerability an attacker must have access to a machine directly connected to the vulnerable device through the RS-232 port connection. Though uncomfirmed this vulnerability may be remotely exploitable if access to the affected device exists using some other means. This would greatly affect possible exposure to this vulnerability

Trust: 1.26

sources: NVD: CVE-2005-3196 // BID: 15014 // VULHUB: VHN-14405

AFFECTED PRODUCTS

vendor:planet corpmodel:fgsw2402rsscope:eqversion:1.2_firmware

Trust: 1.6

vendor:planetmodel:technology fgsw-2402rsscope:eqversion:1.2

Trust: 0.3

sources: BID: 15014 // CNNVD: CNNVD-200510-085 // NVD: CVE-2005-3196

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2005-3196
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200510-085
value: MEDIUM

Trust: 0.6

VULHUB: VHN-14405
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2005-3196
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-14405
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-14405 // CNNVD: CNNVD-200510-085 // NVD: CVE-2005-3196

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-3196

THREAT TYPE

local

Trust: 0.9

sources: BID: 15014 // CNNVD: CNNVD-200510-085

TYPE

Design Error

Trust: 0.9

sources: BID: 15014 // CNNVD: CNNVD-200510-085

EXTERNAL IDS

db:BIDid:15014

Trust: 2.0

db:NVDid:CVE-2005-3196

Trust: 1.7

db:SREASONid:53

Trust: 1.7

db:CNNVDid:CNNVD-200510-085

Trust: 0.7

db:BUGTRAQid:20051006 PLANET TECHNOLOGY CORP FGSW2402RS SWITCH DEFAULT PASSWORD /

Trust: 0.6

db:VULHUBid:VHN-14405

Trust: 0.1

sources: VULHUB: VHN-14405 // BID: 15014 // CNNVD: CNNVD-200510-085 // NVD: CVE-2005-3196

REFERENCES

url:http://www.securityfocus.com/bid/15014

Trust: 1.7

url:http://securityreason.com/securityalert/53

Trust: 1.7

url:http://marc.info/?l=bugtraq&m=112861552020302&w=2

Trust: 1.0

url:http://marc.theaimsgroup.com/?l=bugtraq&m=112861552020302&w=2

Trust: 0.6

url:/archive/1/412644

Trust: 0.3

url:http://marc.info/?l=bugtraq&m=112861552020302&w=2

Trust: 0.1

sources: VULHUB: VHN-14405 // BID: 15014 // CNNVD: CNNVD-200510-085 // NVD: CVE-2005-3196

CREDITS

Luis Miguel Silva is credited with the discovery of this vulnerability.

Trust: 0.9

sources: BID: 15014 // CNNVD: CNNVD-200510-085

SOURCES

db:VULHUBid:VHN-14405
db:BIDid:15014
db:CNNVDid:CNNVD-200510-085
db:NVDid:CVE-2005-3196

LAST UPDATE DATE

2024-08-14T15:31:09.604000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-14405date:2016-10-18T00:00:00
db:BIDid:15014date:2005-10-06T00:00:00
db:CNNVDid:CNNVD-200510-085date:2005-10-20T00:00:00
db:NVDid:CVE-2005-3196date:2016-10-18T03:33:20.550

SOURCES RELEASE DATE

db:VULHUBid:VHN-14405date:2005-10-14T00:00:00
db:BIDid:15014date:2005-10-06T00:00:00
db:CNNVDid:CNNVD-200510-085date:2005-10-14T00:00:00
db:NVDid:CVE-2005-3196date:2005-10-14T10:02:00