Details of VAR-200610-0162

ID

VAR-200610-0162

CVE

CVE-2006-5382

TITLE

3Com Switch SS3 4400 Vulnerable to taking unauthorized actions

Trust: 0.8

sources: JVNDB: JVNDB-2006-001397

DESCRIPTION

3Com Switch SS3 4400 switches, firmware 5.11, 6.00 and 6.10 and earlier, allow remote attackers to read the SNMP Read-Write Community string and conduct unauthorized actions via unspecified "normally restricted management packets on the device" that cause the community string to be returned. 3Com SS3 4400 Switch products are prone to an information-disclosure vulnerability. An attacker can exploit this issue to retrieve potentially sensitive information. The impact of successful exploits may allow various operations on the device, including disabling ports and reconfiguring a VLAN. Note that this issue may be exploited only through the management VLAN that the affected device is connected to. Firmware versions 5.11, 6.00, and 6.10 or earlier are vulnerable. ---------------------------------------------------------------------- To improve our services to our customers, we have made a number of additions to the Secunia Advisories and have started translating the advisories to German. The improvements will help our customers to get a better understanding of how we reached our conclusions, how it was rated, our thoughts on exploitation, attack vectors, and scenarios. This includes: * Reason for rating * Extended description * Extended solution * Exploit code or links to exploit code * Deep links Read the full description: http://corporate.secunia.com/products/48/?r=l Contact Secunia Sales for more information: http://corporate.secunia.com/how_to_buy/15/?r=l ---------------------------------------------------------------------- TITLE: 3Com SuperStack 3 Switch 4400 Information Disclosure SECUNIA ADVISORY ID: SA22818 VERIFY ADVISORY: http://secunia.com/advisories/22818/ CRITICAL: Less critical IMPACT: Exposure of sensitive information WHERE: >From local network OPERATING SYSTEM: 3Com SuperStack 3 Switch 4400 Family http://secunia.com/product/450/ DESCRIPTION: A security issue has been reported in the 3Com SuperStack 3 Switch 4400 family, which can be exploited by malicious people to gain knowledge of sensitive information. Successful exploitation requires access to the management VLAN. SOLUTION: An update is reportedly available for customers with a software maintenance agreement or via the 3Com Partner Access site. PROVIDED AND/OR DISCOVERED BY: The vendor credits Andrew Brennan. ORIGINAL ADVISORY: http://www.3com.com/securityalert/alerts/3COM-06-004.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.16

sources: NVD: CVE-2006-5382 // JVNDB: JVNDB-2006-001397 // BID: 20736 // VULHUB: VHN-21490 // VULMON: CVE-2006-5382 // PACKETSTORM: 52075

AFFECTED PRODUCTS

vendor:	3com	model:	superstack 3 switch 4400	scope:	eq	version:	firmware_6.00	Trust: 1.6
vendor:	3com	model:	superstack 3 switch 4400	scope:	eq	version:	firmware_5.11	Trust: 1.6
vendor:	3com	model:	superstack 3 switch 4400	scope:	lte	version:	firmware_6.10	Trust: 1.0
vendor:	3com	model:	superstack 3 switch 4400	scope:	eq	version:	firmware 5.11	Trust: 0.8
vendor:	3com	model:	superstack 3 switch 4400	scope:	eq	version:	6.00	Trust: 0.8
vendor:	3com	model:	superstack 3 switch 4400	scope:	lte	version:	6.10	Trust: 0.8
vendor:	3com	model:	superstack 3 switch 4400	scope:	eq	version:	firmware_6.10	Trust: 0.6
vendor:	3com	model:	superstack switch se	scope:	eq	version:	34400.0	Trust: 0.3
vendor:	3com	model:	superstack switch pwr	scope:	eq	version:	34400.0	Trust: 0.3
vendor:	3com	model:	superstack switch fx	scope:	eq	version:	34400.0	Trust: 0.3
vendor:	3com	model:	superstack switch	scope:	eq	version:	34400.0	Trust: 0.3

sources: BID: 20736 // JVNDB: JVNDB-2006-001397 // CNNVD: CNNVD-200610-423 // NVD: CVE-2006-5382

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2006-5382
value:	HIGH
Trust: 1.0
NVD:	CVE-2006-5382
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200610-423
value:	HIGH
Trust: 0.6
VULHUB:	VHN-21490
value:	HIGH
Trust: 0.1
VULMON:	CVE-2006-5382
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2006-5382
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-21490
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-21490 // VULMON: CVE-2006-5382 // JVNDB: JVNDB-2006-001397 // CNNVD: CNNVD-200610-423 // NVD: CVE-2006-5382

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-5382

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200610-423

TYPE

Configuration Error

Trust: 0.9

sources: BID: 20736 // CNNVD: CNNVD-200610-423

CONFIGURATIONS

sources: JVNDB: JVNDB-2006-001397

PATCH

title:

Top Page

url:

http://h17007.www1.hp.com/us/en/

Trust: 0.8

sources: JVNDB: JVNDB-2006-001397

EXTERNAL IDS

db:	NVD	id:	CVE-2006-5382	Trust: 2.9
db:	BID	id:	20736	Trust: 2.1
db:	SECUNIA	id:	22818	Trust: 1.9
db:	VUPEN	id:	ADV-2006-4184	Trust: 1.7
db:	SECTRACK	id:	1017128	Trust: 1.7
db:	JVNDB	id:	JVNDB-2006-001397	Trust: 0.8
db:	CNNVD	id:	CNNVD-200610-423	Trust: 0.7
db:	XF	id:	3	Trust: 0.6
db:	XF	id:	29779	Trust: 0.6
db:	VULHUB	id:	VHN-21490	Trust: 0.1
db:	VUPEN	id:	2006/4184	Trust: 0.1
db:	VULMON	id:	CVE-2006-5382	Trust: 0.1
db:	PACKETSTORM	id:	52075	Trust: 0.1

sources: VULHUB: VHN-21490 // VULMON: CVE-2006-5382 // BID: 20736 // JVNDB: JVNDB-2006-001397 // PACKETSTORM: 52075 // CNNVD: CNNVD-200610-423 // NVD: CVE-2006-5382

REFERENCES

url:	http://www.securityfocus.com/bid/20736	Trust: 1.9
url:	http://www.3com.com/securityalert/alerts/3com-06-004.html	Trust: 1.9
url:	http://securitytracker.com/id?1017128	Trust: 1.8
url:	http://secunia.com/advisories/22818	Trust: 1.8
url:	http://www.vupen.com/english/advisories/2006/4184	Trust: 1.2
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/29779	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-5382	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-5382	Trust: 0.8
url:	http://www.frsirt.com/english/advisories/2006/4184	Trust: 0.6
url:	http://xforce.iss.net/xforce/xfdb/29779	Trust: 0.6
url:	http://www.3com.com/products/en_us/result.jsp?selected=6&sort=effdt&sku=3crwe754g72-a&order=desc	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	http://secunia.com/product/450/	Trust: 0.1
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://corporate.secunia.com/products/48/?r=l	Trust: 0.1
url:	http://secunia.com/advisories/22818/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://corporate.secunia.com/how_to_buy/15/?r=l	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1

sources: VULHUB: VHN-21490 // VULMON: CVE-2006-5382 // BID: 20736 // JVNDB: JVNDB-2006-001397 // PACKETSTORM: 52075 // CNNVD: CNNVD-200610-423 // NVD: CVE-2006-5382

CREDITS

Andrew Brennan is credited with the discovery of this vulnerability.

Trust: 0.9

sources: BID: 20736 // CNNVD: CNNVD-200610-423

SOURCES

db:	VULHUB	id:	VHN-21490
db:	VULMON	id:	CVE-2006-5382
db:	BID	id:	20736
db:	JVNDB	id:	JVNDB-2006-001397
db:	PACKETSTORM	id:	52075
db:	CNNVD	id:	CNNVD-200610-423
db:	NVD	id:	CVE-2006-5382

LAST UPDATE DATE

2024-08-14T12:25:03.619000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-21490	date:	2017-07-20T00:00:00
db:	VULMON	id:	CVE-2006-5382	date:	2017-07-20T00:00:00
db:	BID	id:	20736	date:	2006-10-26T18:38:00
db:	JVNDB	id:	JVNDB-2006-001397	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200610-423	date:	2006-10-30T00:00:00
db:	NVD	id:	CVE-2006-5382	date:	2017-07-20T01:33:42.087

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-21490	date:	2006-10-25T00:00:00
db:	VULMON	id:	CVE-2006-5382	date:	2006-10-25T00:00:00
db:	BID	id:	20736	date:	2006-10-25T00:00:00
db:	JVNDB	id:	JVNDB-2006-001397	date:	2012-06-26T00:00:00
db:	PACKETSTORM	id:	52075	date:	2006-11-16T03:19:38
db:	CNNVD	id:	CNNVD-200610-423	date:	2006-10-25T00:00:00
db:	NVD	id:	CVE-2006-5382	date:	2006-10-25T23:07:00