Search criteria
8 vulnerabilities found for aos by alcatel
VAR-200810-0216
Vulnerability from variot - Updated: 2023-12-18 13:44Stack-based buffer overflow in the Agranet-Emweb embedded management web server in Alcatel OmniSwitch OS7000, OS6600, OS6800, OS6850, and OS9000 Series devices with AoS 5.1 before 5.1.6.463.R02, 5.4 before 5.4.1.429.R01, 6.1.3 before 6.1.3.965.R01, 6.1.5 before 6.1.5.595.R01, and 6.3 before 6.3.1.966.R01 allows remote attackers to execute arbitrary code via a long Session cookie. Alcatel-Lucent OmniSwitch products are prone to a remote buffer-overflow vulnerability because they fail to perform adequate boundary checks on user-supplied data. An attacker can exploit this issue to execute arbitrary code within the context of the affected software. Failed exploit attempts will result in a denial-of-service condition. Alcatel-Lucent OmniSwitch is a network switch product of French Alcatel-Lucent (Alcatel-Lucent). If the user sends 2392 bytes of data in the Cookie: Session= header, this overflow can be triggered, resulting in the execution of arbitrary instructions. The number of bytes required to trigger this overflow varies with the AOS version. ----------------------------------------------------------------------
Want a new job?
http://secunia.com/secunia_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/
International Partner Manager - Project Sales in the IT-Security Industry: http://corporate.secunia.com/about_secunia/64/
TITLE: Alcatel-Lucent OmniSwitch Series Buffer Overflow Vulnerability
SECUNIA ADVISORY ID: SA31435
VERIFY ADVISORY: http://secunia.com/advisories/31435/
CRITICAL: Moderately critical
IMPACT: DoS, System access
WHERE:
From local network
OPERATING SYSTEM: Alcatel-Lucent OmniSwitch 7000 Series http://secunia.com/product/789/ Alcatel-Lucent OmniSwitch 6600 Series http://secunia.com/product/19553/ Alcatel-Lucent OmniSwitch 6800 Series http://secunia.com/product/19554/ Alcatel-Lucent OmniSwitch 6850 Series http://secunia.com/product/19555/ Alcatel-Lucent OmniSwitch 9000 Series http://secunia.com/product/19556/
DESCRIPTION: Deral Heiland has reported a vulnerability in various OmniSwitch products, which can be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system.
Successful exploitation allows execution of arbitrary code.
The vulnerability is reported in the following Alcatel OmniSwitch products: * OS7000 Series * OS6600 Series * OS6800 Series * OS6850 Series * OS9000 Series
SOLUTION: Update to the following versions: * 5.4.1.429.R01 or higher * 5.1.6.463.R02 or higher * 6.1.3.965.R01 or higher * 6.1.5.595.R01 or higher * 6.3.1.966.R01 or higher
Contact the Alcatel-Lucent Technical Support for availability of other releases.
PROVIDED AND/OR DISCOVERED BY: Deral Heiland, Layered Defense Research
ORIGINAL ADVISORY: Alcatel-Lucent: http://www1.alcatel-lucent.com/psirt/statements/2008002/OmniSwitch.htm
Layered Defense Research: http://www.layereddefense.com/alcatel12aug.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200810-0216",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "omniswitch",
"scope": "eq",
"trust": 1.4,
"vendor": "alcatel lucent",
"version": "os6850"
},
{
"model": "omniswitch",
"scope": "eq",
"trust": 1.4,
"vendor": "alcatel lucent",
"version": "os9000"
},
{
"model": "omniswitch",
"scope": "eq",
"trust": 1.4,
"vendor": "alcatel lucent",
"version": "os7000"
},
{
"model": "omniswitch",
"scope": "eq",
"trust": 1.4,
"vendor": "alcatel lucent",
"version": "os6600"
},
{
"model": "omniswitch",
"scope": "eq",
"trust": 1.4,
"vendor": "alcatel lucent",
"version": "os6800"
},
{
"model": "aos",
"scope": "gte",
"trust": 1.0,
"vendor": "alcatel",
"version": "6.1.5"
},
{
"model": "aos",
"scope": "lt",
"trust": 1.0,
"vendor": "alcatel",
"version": "5.1.6.463.r02"
},
{
"model": "aos",
"scope": "gte",
"trust": 1.0,
"vendor": "alcatel",
"version": "5.1"
},
{
"model": "aos",
"scope": "lt",
"trust": 1.0,
"vendor": "alcatel",
"version": "6.1.3.965.r01"
},
{
"model": "aos",
"scope": "lt",
"trust": 1.0,
"vendor": "alcatel",
"version": "6.3.1.966.r01"
},
{
"model": "aos",
"scope": "lt",
"trust": 1.0,
"vendor": "alcatel",
"version": "6.1.5.595.r01"
},
{
"model": "aos",
"scope": "gte",
"trust": 1.0,
"vendor": "alcatel",
"version": "6.3"
},
{
"model": "aos",
"scope": "lt",
"trust": 1.0,
"vendor": "alcatel",
"version": "5.4.1.429.r01"
},
{
"model": "aos",
"scope": "gte",
"trust": 1.0,
"vendor": "alcatel",
"version": "6.1.3"
},
{
"model": "aos",
"scope": "gte",
"trust": 1.0,
"vendor": "alcatel",
"version": "5.4"
},
{
"model": "alcatel-lucent operating system",
"scope": "lt",
"trust": 0.8,
"vendor": "alcatel lucent",
"version": "6.1.3"
},
{
"model": "alcatel-lucent operating system",
"scope": "eq",
"trust": 0.8,
"vendor": "alcatel lucent",
"version": "6.1.5.595.r01"
},
{
"model": "alcatel-lucent operating system",
"scope": "eq",
"trust": 0.8,
"vendor": "alcatel lucent",
"version": "6.1.3.965.r01"
},
{
"model": "alcatel-lucent operating system",
"scope": "lt",
"trust": 0.8,
"vendor": "alcatel lucent",
"version": "5.4"
},
{
"model": "alcatel-lucent operating system",
"scope": "eq",
"trust": 0.8,
"vendor": "alcatel lucent",
"version": "6.3.1.966.r01"
},
{
"model": "alcatel-lucent operating system",
"scope": "eq",
"trust": 0.8,
"vendor": "alcatel lucent",
"version": "5.4.1.429.r01"
},
{
"model": "alcatel-lucent operating system",
"scope": "lt",
"trust": 0.8,
"vendor": "alcatel lucent",
"version": "6.3"
},
{
"model": "alcatel-lucent operating system",
"scope": "lt",
"trust": 0.8,
"vendor": "alcatel lucent",
"version": "6.1.5"
},
{
"model": "alcatel-lucent operating system",
"scope": "eq",
"trust": 0.8,
"vendor": "alcatel lucent",
"version": "5.1.6.463.r02"
},
{
"model": "alcatel-lucent operating system",
"scope": "lt",
"trust": 0.8,
"vendor": "alcatel lucent",
"version": "5.1"
},
{
"model": "aos",
"scope": "eq",
"trust": 0.6,
"vendor": "alcatel",
"version": "5.1.6.463"
},
{
"model": "aos",
"scope": "eq",
"trust": 0.6,
"vendor": "alcatel",
"version": "6.1.3.965"
},
{
"model": "aos",
"scope": "eq",
"trust": 0.6,
"vendor": "alcatel",
"version": "5.4.1.429"
},
{
"model": "aos",
"scope": "eq",
"trust": 0.6,
"vendor": "alcatel",
"version": "6.3.1.966"
},
{
"model": "aos",
"scope": "eq",
"trust": 0.6,
"vendor": "alcatel",
"version": "5.1.1"
},
{
"model": "omniswitch os9000 series",
"scope": null,
"trust": 0.3,
"vendor": "alcatel lucent",
"version": null
},
{
"model": "omniswitch os7000 series",
"scope": null,
"trust": 0.3,
"vendor": "alcatel lucent",
"version": null
},
{
"model": "omniswitch os6850 series",
"scope": null,
"trust": 0.3,
"vendor": "alcatel lucent",
"version": null
},
{
"model": "omniswitch os6800 series",
"scope": null,
"trust": 0.3,
"vendor": "alcatel lucent",
"version": null
},
{
"model": "omniswitch os6600 series",
"scope": null,
"trust": 0.3,
"vendor": "alcatel lucent",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "30652"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003493"
},
{
"db": "NVD",
"id": "CVE-2008-4383"
},
{
"db": "CNNVD",
"id": "CNNVD-200810-030"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:alcatel:aos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.1.3.965.r01",
"versionStartIncluding": "6.1.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:alcatel:aos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.1.5.595.r01",
"versionStartIncluding": "6.1.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:alcatel:aos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.3.1.966.r01",
"versionStartIncluding": "6.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:alcatel:aos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.4.1.429.r01",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:alcatel:aos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.1.6.463.r02",
"versionStartIncluding": "5.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:alcatel-lucent:omniswitch:os9000:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:alcatel-lucent:omniswitch:os6600:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:alcatel-lucent:omniswitch:os6850:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:alcatel-lucent:omniswitch:os6800:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:alcatel-lucent:omniswitch:os7000:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2008-4383"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Deral Heiland\u203bhttp://www.layereddefense.com/",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200810-030"
}
],
"trust": 0.6
},
"cve": "CVE-2008-4383",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2008-4383",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-34508",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2008-4383",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200810-030",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-34508",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-34508"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003493"
},
{
"db": "NVD",
"id": "CVE-2008-4383"
},
{
"db": "CNNVD",
"id": "CNNVD-200810-030"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stack-based buffer overflow in the Agranet-Emweb embedded management web server in Alcatel OmniSwitch OS7000, OS6600, OS6800, OS6850, and OS9000 Series devices with AoS 5.1 before 5.1.6.463.R02, 5.4 before 5.4.1.429.R01, 6.1.3 before 6.1.3.965.R01, 6.1.5 before 6.1.5.595.R01, and 6.3 before 6.3.1.966.R01 allows remote attackers to execute arbitrary code via a long Session cookie. Alcatel-Lucent OmniSwitch products are prone to a remote buffer-overflow vulnerability because they fail to perform adequate boundary checks on user-supplied data. \nAn attacker can exploit this issue to execute arbitrary code within the context of the affected software. Failed exploit attempts will result in a denial-of-service condition. Alcatel-Lucent OmniSwitch is a network switch product of French Alcatel-Lucent (Alcatel-Lucent). If the user sends 2392 bytes of data in the Cookie: Session= header, this overflow can be triggered, resulting in the execution of arbitrary instructions. The number of bytes required to trigger this overflow varies with the AOS version. ----------------------------------------------------------------------\n\nWant a new job?\n\nhttp://secunia.com/secunia_security_specialist/\nhttp://secunia.com/hardcore_disassembler_and_reverse_engineer/\n\nInternational Partner Manager - Project Sales in the IT-Security\nIndustry:\nhttp://corporate.secunia.com/about_secunia/64/\n\n----------------------------------------------------------------------\n\nTITLE:\nAlcatel-Lucent OmniSwitch Series Buffer Overflow Vulnerability\n\nSECUNIA ADVISORY ID:\nSA31435\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/31435/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nDoS, System access\n\nWHERE:\n\u003eFrom local network\n\nOPERATING SYSTEM:\nAlcatel-Lucent OmniSwitch 7000 Series\nhttp://secunia.com/product/789/\nAlcatel-Lucent OmniSwitch 6600 Series\nhttp://secunia.com/product/19553/\nAlcatel-Lucent OmniSwitch 6800 Series\nhttp://secunia.com/product/19554/\nAlcatel-Lucent OmniSwitch 6850 Series\nhttp://secunia.com/product/19555/\nAlcatel-Lucent OmniSwitch 9000 Series\nhttp://secunia.com/product/19556/\n\nDESCRIPTION:\nDeral Heiland has reported a vulnerability in various OmniSwitch\nproducts, which can be exploited by malicious people to cause a DoS\n(Denial of Service) or to compromise a vulnerable system. \n\nSuccessful exploitation allows execution of arbitrary code. \n\nThe vulnerability is reported in the following Alcatel OmniSwitch\nproducts:\n* OS7000 Series\n* OS6600 Series\n* OS6800 Series\n* OS6850 Series\n* OS9000 Series\n\nSOLUTION:\nUpdate to the following versions:\n* 5.4.1.429.R01 or higher\n* 5.1.6.463.R02 or higher\n* 6.1.3.965.R01 or higher\n* 6.1.5.595.R01 or higher\n* 6.3.1.966.R01 or higher\n\nContact the Alcatel-Lucent Technical Support for availability of\nother releases. \n\nPROVIDED AND/OR DISCOVERED BY:\nDeral Heiland, Layered Defense Research\n\nORIGINAL ADVISORY:\nAlcatel-Lucent:\nhttp://www1.alcatel-lucent.com/psirt/statements/2008002/OmniSwitch.htm\n\nLayered Defense Research:\nhttp://www.layereddefense.com/alcatel12aug.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2008-4383"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003493"
},
{
"db": "BID",
"id": "30652"
},
{
"db": "VULHUB",
"id": "VHN-34508"
},
{
"db": "PACKETSTORM",
"id": "68969"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2008-4383",
"trust": 2.8
},
{
"db": "BID",
"id": "30652",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "31435",
"trust": 1.8
},
{
"db": "SREASON",
"id": "4347",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1020657",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2008-2346",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003493",
"trust": 0.8
},
{
"db": "XF",
"id": "44400",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20080812 LAYERED DEFENSE RESEARCH ADVISORY: ALCATEL-LUCENT OMNISWITCH PRODUCTS, STACK BUFFER OVERFLOW",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200810-030",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-34508",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "68969",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-34508"
},
{
"db": "BID",
"id": "30652"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003493"
},
{
"db": "PACKETSTORM",
"id": "68969"
},
{
"db": "NVD",
"id": "CVE-2008-4383"
},
{
"db": "CNNVD",
"id": "CNNVD-200810-030"
}
]
},
"id": "VAR-200810-0216",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-34508"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:44:58.237000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.alcatel-lucent.com"
},
{
"title": "PR 122812",
"trust": 0.8,
"url": "http://www1.alcatel-lucent.com/psirt/statements/2008002/omniswitch.htm"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-003493"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-34508"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003493"
},
{
"db": "NVD",
"id": "CVE-2008-4383"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "http://www1.alcatel-lucent.com/psirt/statements/2008002/omniswitch.htm"
},
{
"trust": 1.8,
"url": "http://www.layereddefense.com/alcatel12aug.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/30652"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1020657"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/31435"
},
{
"trust": 1.7,
"url": "http://securityreason.com/securityalert/4347"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2008/2346"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/495343/100/0/threaded"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44400"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-4383"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-4383"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/44400"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/495343/100/0/threaded"
},
{
"trust": 0.3,
"url": "http://www.alcatel-lucent.com/"
},
{
"trust": 0.3,
"url": "http://www1.alcatel-lucent.com/products/keywordresults.jsp?_requestid=28458"
},
{
"trust": 0.3,
"url": "/archive/1/495343"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/31435/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/19554/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/19553/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/19555/"
},
{
"trust": 0.1,
"url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_specialist/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/789/"
},
{
"trust": 0.1,
"url": "http://corporate.secunia.com/about_secunia/64/"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/19556/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-34508"
},
{
"db": "BID",
"id": "30652"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003493"
},
{
"db": "PACKETSTORM",
"id": "68969"
},
{
"db": "NVD",
"id": "CVE-2008-4383"
},
{
"db": "CNNVD",
"id": "CNNVD-200810-030"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-34508"
},
{
"db": "BID",
"id": "30652"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003493"
},
{
"db": "PACKETSTORM",
"id": "68969"
},
{
"db": "NVD",
"id": "CVE-2008-4383"
},
{
"db": "CNNVD",
"id": "CNNVD-200810-030"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-34508"
},
{
"date": "2008-08-06T00:00:00",
"db": "BID",
"id": "30652"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-003493"
},
{
"date": "2008-08-13T01:46:19",
"db": "PACKETSTORM",
"id": "68969"
},
{
"date": "2008-10-03T22:22:41.057000",
"db": "NVD",
"id": "CVE-2008-4383"
},
{
"date": "2008-08-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200810-030"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-11-02T00:00:00",
"db": "VULHUB",
"id": "VHN-34508"
},
{
"date": "2015-05-07T17:25:00",
"db": "BID",
"id": "30652"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-003493"
},
{
"date": "2018-11-02T13:07:01.850000",
"db": "NVD",
"id": "CVE-2008-4383"
},
{
"date": "2009-03-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200810-030"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200810-030"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Alcatel OmniSwitch Device stack-based buffer overflow vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-003493"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200810-030"
}
],
"trust": 0.6
}
}
VAR-200212-0002
Vulnerability from variot - Updated: 2023-12-18 13:41Alcatel OmniSwitch 7700/7800 switches running AOS 5.1.1 contains a back door telnet server that was intended for development but not removed before distribution, which allows remote attackers to gain administrative privileges. This gives anyone access to the OmniSwitch's Vx-Works operating system without requiring a password. Alcatel Operating System (AOS) version 5.1.1 Works Alcatel OmniSwitch 7700/7800 The switch was used during development telnet Port for server (6778/TCP) Is ready for continuous use. this telnet By using the service, you do not need a password, OmniSwitch of Vx-Works operating system Can be accessed.A third party could remotely gain control of the vulnerable device. As a result, unauthorized access, unauthorized monitoring, information leakage, denial of service (denial-of-service, DoS) It may be accompanied by dangers such as attacks. OmniSwitch 7700/7800 LAN switch runs Alcatel Operating System (AOS) operating system. This service is used to access the Wind River Vx-Works operating system during the development phase, but before the product is released No removal. Attackers can use this service to control the entire system. It is distributed and maintained by Alcatel. It has been discovered that an unintended back door is built into some releases of AOS
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200212-0002",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "aos",
"scope": "eq",
"trust": 1.6,
"vendor": "alcatel",
"version": "5.1.1"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "alcatel",
"version": null
},
{
"model": "alcatel-lucent operating system",
"scope": "eq",
"trust": 0.8,
"vendor": "alcatel lucent",
"version": "5.1.1"
},
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "none",
"version": null
},
{
"model": "aos",
"scope": "eq",
"trust": 0.3,
"vendor": "alcatel lucent",
"version": "5.1.1"
},
{
"model": "aos .r03",
"scope": "ne",
"trust": 0.3,
"vendor": "alcatel lucent",
"version": "5.1.1"
},
{
"model": "aos .r02",
"scope": "ne",
"trust": 0.3,
"vendor": "alcatel lucent",
"version": "5.1.1"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#181721"
},
{
"db": "CNVD",
"id": "CNVD-2002-4084"
},
{
"db": "BID",
"id": "6220"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000355"
},
{
"db": "NVD",
"id": "CVE-2002-1272"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-022"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:alcatel:aos:5.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-1272"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "David Mirza Ahmad\u203b da@securityfocus.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200212-022"
}
],
"trust": 0.6
},
"cve": "CVE-2002-1272",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2002-1272",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2002-1272",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#181721",
"trust": 0.8,
"value": "49.50"
},
{
"author": "CNNVD",
"id": "CNNVD-200212-022",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2002-1272",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#181721"
},
{
"db": "VULMON",
"id": "CVE-2002-1272"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000355"
},
{
"db": "NVD",
"id": "CVE-2002-1272"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-022"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Alcatel OmniSwitch 7700/7800 switches running AOS 5.1.1 contains a back door telnet server that was intended for development but not removed before distribution, which allows remote attackers to gain administrative privileges. This gives anyone access to the OmniSwitch\u0027s Vx-Works operating system without requiring a password. Alcatel Operating System (AOS) version 5.1.1 Works Alcatel OmniSwitch 7700/7800 The switch was used during development telnet Port for server (6778/TCP) Is ready for continuous use. this telnet By using the service, you do not need a password, OmniSwitch of Vx-Works operating system Can be accessed.A third party could remotely gain control of the vulnerable device. As a result, unauthorized access, unauthorized monitoring, information leakage, denial of service (denial-of-service, DoS) It may be accompanied by dangers such as attacks. OmniSwitch 7700/7800 LAN switch runs Alcatel Operating System (AOS) operating system. This service is used to access the Wind River Vx-Works operating system during the development phase, but before the product is released No removal. Attackers can use this service to control the entire system. It is distributed and maintained by Alcatel. \nIt has been discovered that an unintended back door is built into some releases of AOS",
"sources": [
{
"db": "NVD",
"id": "CVE-2002-1272"
},
{
"db": "CERT/CC",
"id": "VU#181721"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000355"
},
{
"db": "CNVD",
"id": "CNVD-2002-4084"
},
{
"db": "BID",
"id": "6220"
},
{
"db": "VULMON",
"id": "CVE-2002-1272"
}
],
"trust": 3.24
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2002-1272",
"trust": 3.4
},
{
"db": "CERT/CC",
"id": "VU#181721",
"trust": 3.3
},
{
"db": "BID",
"id": "6220",
"trust": 2.0
},
{
"db": "XF",
"id": "10664",
"trust": 1.4
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000355",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2002-4084",
"trust": 0.6
},
{
"db": "CERT/CC",
"id": "CA-2002-32",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200212-022",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2002-1272",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#181721"
},
{
"db": "CNVD",
"id": "CNVD-2002-4084"
},
{
"db": "VULMON",
"id": "CVE-2002-1272"
},
{
"db": "BID",
"id": "6220"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000355"
},
{
"db": "NVD",
"id": "CVE-2002-1272"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-022"
}
]
},
"id": "VAR-200212-0002",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2002-4084"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2002-4084"
}
]
},
"last_update_date": "2023-12-18T13:41:03.679000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-1272"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://www.kb.cert.org/vuls/id/181721"
},
{
"trust": 2.0,
"url": "http://www.cert.org/advisories/ca-2002-32.html"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/6220"
},
{
"trust": 1.4,
"url": "http://xforce.iss.net/xforce/xfdb/10664"
},
{
"trust": 1.1,
"url": "http://www.alcatel.com/support"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10664"
},
{
"trust": 0.8,
"url": "http://www.ind.alcatel.com/nextgen/omniswitch_7000_brief.pdf"
},
{
"trust": 0.8,
"url": "http://www.ind.alcatel.com/specs/index.cfm?cnt=7000"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2002-1272"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vn/jvnca-2002-32/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2002-1272"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#181721"
},
{
"db": "VULMON",
"id": "CVE-2002-1272"
},
{
"db": "BID",
"id": "6220"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000355"
},
{
"db": "NVD",
"id": "CVE-2002-1272"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-022"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#181721"
},
{
"db": "CNVD",
"id": "CNVD-2002-4084"
},
{
"db": "VULMON",
"id": "CVE-2002-1272"
},
{
"db": "BID",
"id": "6220"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000355"
},
{
"db": "NVD",
"id": "CVE-2002-1272"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-022"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-11-20T00:00:00",
"db": "CERT/CC",
"id": "VU#181721"
},
{
"date": "2002-11-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2002-4084"
},
{
"date": "2002-12-11T00:00:00",
"db": "VULMON",
"id": "CVE-2002-1272"
},
{
"date": "2002-11-21T00:00:00",
"db": "BID",
"id": "6220"
},
{
"date": "2009-04-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2002-000355"
},
{
"date": "2002-12-11T05:00:00",
"db": "NVD",
"id": "CVE-2002-1272"
},
{
"date": "2002-11-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200212-022"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-11-21T00:00:00",
"db": "CERT/CC",
"id": "VU#181721"
},
{
"date": "2020-03-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2002-4084"
},
{
"date": "2017-10-10T00:00:00",
"db": "VULMON",
"id": "CVE-2002-1272"
},
{
"date": "2009-07-11T19:16:00",
"db": "BID",
"id": "6220"
},
{
"date": "2009-04-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2002-000355"
},
{
"date": "2017-10-10T01:30:10.453000",
"db": "NVD",
"id": "CVE-2002-1272"
},
{
"date": "2005-05-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200212-022"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200212-022"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Alcatel Operating System (AOS) does not require a password for accessing the telnet server",
"sources": [
{
"db": "CERT/CC",
"id": "VU#181721"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "6220"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-022"
}
],
"trust": 0.9
}
}
FKIE_CVE-2008-4383
Vulnerability from fkie_nvd - Published: 2008-10-03 22:22 - Updated: 2025-04-09 00:30
Severity ?
Summary
Stack-based buffer overflow in the Agranet-Emweb embedded management web server in Alcatel OmniSwitch OS7000, OS6600, OS6800, OS6850, and OS9000 Series devices with AoS 5.1 before 5.1.6.463.R02, 5.4 before 5.4.1.429.R01, 6.1.3 before 6.1.3.965.R01, 6.1.5 before 6.1.5.595.R01, and 6.3 before 6.3.1.966.R01 allows remote attackers to execute arbitrary code via a long Session cookie.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| alcatel | aos | * | |
| alcatel | aos | * | |
| alcatel | aos | * | |
| alcatel | aos | * | |
| alcatel | aos | * | |
| alcatel-lucent | omniswitch | os6600 | |
| alcatel-lucent | omniswitch | os6800 | |
| alcatel-lucent | omniswitch | os6850 | |
| alcatel-lucent | omniswitch | os7000 | |
| alcatel-lucent | omniswitch | os9000 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:alcatel:aos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C6A279F1-071D-4863-9B8A-203DC16F93B2",
"versionEndExcluding": "5.1.6.463.r02",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:alcatel:aos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F42552F9-66F9-4BAE-B9D1-A26493BFC03B",
"versionEndExcluding": "5.4.1.429.r01",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:alcatel:aos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD33FE30-180C-4595-A132-FAFD6DF3ACB3",
"versionEndExcluding": "6.1.3.965.r01",
"versionStartIncluding": "6.1.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:alcatel:aos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48CD9501-9110-4BDB-8BB8-E1E109A0E902",
"versionEndExcluding": "6.1.5.595.r01",
"versionStartIncluding": "6.1.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:alcatel:aos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B8892FF-96F1-4249-A9E2-DCCB0B251CA6",
"versionEndExcluding": "6.3.1.966.r01",
"versionStartIncluding": "6.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:alcatel-lucent:omniswitch:os6600:*:*:*:*:*:*:*",
"matchCriteriaId": "18275D45-CBFB-4F72-AED3-50CF6B26A58D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:alcatel-lucent:omniswitch:os6800:*:*:*:*:*:*:*",
"matchCriteriaId": "9EABF0C1-2359-445F-B5E2-72E754F72C9D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:alcatel-lucent:omniswitch:os6850:*:*:*:*:*:*:*",
"matchCriteriaId": "3EAD34DA-3CB4-4E7E-B486-07E9F2796AC3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:alcatel-lucent:omniswitch:os7000:*:*:*:*:*:*:*",
"matchCriteriaId": "A3768D0F-92EC-4F4B-AD24-11B0459903AF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:alcatel-lucent:omniswitch:os9000:*:*:*:*:*:*:*",
"matchCriteriaId": "FE7A3488-15B6-4EB3-B478-5EF005997EB2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the Agranet-Emweb embedded management web server in Alcatel OmniSwitch OS7000, OS6600, OS6800, OS6850, and OS9000 Series devices with AoS 5.1 before 5.1.6.463.R02, 5.4 before 5.4.1.429.R01, 6.1.3 before 6.1.3.965.R01, 6.1.5 before 6.1.5.595.R01, and 6.3 before 6.3.1.966.R01 allows remote attackers to execute arbitrary code via a long Session cookie."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en el servidor web de gesti\u00f3n embebido Agranet-Emweb de Alcatel OmniSwitch dispositivos OS7000, OS6600, OS6800, OS6850, y OS9000 Series con AoS 5.1 versiones anteriores a v5.1.6.463.R02, 5.4 versiones anteriores a v5.4.1.429.R01, 6.1.3 versiones anteriores a v6.1.3.965.R01, 6.1.5 versiones anteriores a v6.1.5.595.R01, y 6.3 versiones anteriores a v6.3.1.966.R01 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una cookie Session."
}
],
"id": "CVE-2008-4383",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-10-03T22:22:41.057",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31435"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "http://securityreason.com/securityalert/4347"
},
{
"source": "cret@cert.org",
"tags": [
"Broken Link"
],
"url": "http://www.layereddefense.com/alcatel12aug.html"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/495343/100/0/threaded"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/30652"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1020657"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/2346"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www1.alcatel-lucent.com/psirt/statements/2008002/OmniSwitch.htm"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44400"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31435"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://securityreason.com/securityalert/4347"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.layereddefense.com/alcatel12aug.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/495343/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/30652"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1020657"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/2346"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www1.alcatel-lucent.com/psirt/statements/2008002/OmniSwitch.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44400"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2002-1272
Vulnerability from fkie_nvd - Published: 2002-12-11 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Alcatel OmniSwitch 7700/7800 switches running AOS 5.1.1 contains a back door telnet server that was intended for development but not removed before distribution, which allows remote attackers to gain administrative privileges.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://www.cert.org/advisories/CA-2002-32.html | Patch, Third Party Advisory, US Government Resource | |
| cve@mitre.org | http://www.kb.cert.org/vuls/id/181721 | Patch, Third Party Advisory, US Government Resource | |
| cve@mitre.org | http://www.securityfocus.com/bid/6220 | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/10664 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.cert.org/advisories/CA-2002-32.html | Patch, Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/181721 | Patch, Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/6220 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/10664 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:alcatel:aos:5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CFCA5F72-E296-4FE9-9729-1B6C5DD7AE54",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Alcatel OmniSwitch 7700/7800 switches running AOS 5.1.1 contains a back door telnet server that was intended for development but not removed before distribution, which allows remote attackers to gain administrative privileges."
},
{
"lang": "es",
"value": "Los conmutadores Alcatel OmniSwitch 7700/7800 en los que corre AOS 5.1.1 contienen una puerta trasera al servidor de telnet, que fue creada para desarrollo, pero que no se elimin\u00f3 antes de su distribuci\u00f3n.\r\nEsto permite a atacantes remotos la obtenci\u00f3n de privilegios de administraci\u00f3n."
}
],
"id": "CVE-2002-1272",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-12-11T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2002-32.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/181721"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/6220"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10664"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2002-32.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/181721"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/6220"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10664"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2008-4383 (GCVE-0-2008-4383)
Vulnerability from cvelistv5 – Published: 2008-10-03 22:00 – Updated: 2024-08-07 10:17
VLAI?
Summary
Stack-based buffer overflow in the Agranet-Emweb embedded management web server in Alcatel OmniSwitch OS7000, OS6600, OS6800, OS6850, and OS9000 Series devices with AoS 5.1 before 5.1.6.463.R02, 5.4 before 5.4.1.429.R01, 6.1.3 before 6.1.3.965.R01, 6.1.5 before 6.1.5.595.R01, and 6.3 before 6.3.1.966.R01 allows remote attackers to execute arbitrary code via a long Session cookie.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:17:09.271Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30652",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30652"
},
{
"name": "1020657",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020657"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.layereddefense.com/alcatel12aug.html"
},
{
"name": "omniswitch-session-bo(44400)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44400"
},
{
"name": "4347",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4347"
},
{
"name": "31435",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31435"
},
{
"name": "20080812 Layered Defense Research Advisory: Alcatel-Lucent OmniSwitch products, Stack Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/495343/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www1.alcatel-lucent.com/psirt/statements/2008002/OmniSwitch.htm"
},
{
"name": "ADV-2008-2346",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2346"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the Agranet-Emweb embedded management web server in Alcatel OmniSwitch OS7000, OS6600, OS6800, OS6850, and OS9000 Series devices with AoS 5.1 before 5.1.6.463.R02, 5.4 before 5.4.1.429.R01, 6.1.3 before 6.1.3.965.R01, 6.1.5 before 6.1.5.595.R01, and 6.3 before 6.3.1.966.R01 allows remote attackers to execute arbitrary code via a long Session cookie."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "30652",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30652"
},
{
"name": "1020657",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020657"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.layereddefense.com/alcatel12aug.html"
},
{
"name": "omniswitch-session-bo(44400)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44400"
},
{
"name": "4347",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4347"
},
{
"name": "31435",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31435"
},
{
"name": "20080812 Layered Defense Research Advisory: Alcatel-Lucent OmniSwitch products, Stack Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/495343/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www1.alcatel-lucent.com/psirt/statements/2008002/OmniSwitch.htm"
},
{
"name": "ADV-2008-2346",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2346"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2008-4383",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the Agranet-Emweb embedded management web server in Alcatel OmniSwitch OS7000, OS6600, OS6800, OS6850, and OS9000 Series devices with AoS 5.1 before 5.1.6.463.R02, 5.4 before 5.4.1.429.R01, 6.1.3 before 6.1.3.965.R01, 6.1.5 before 6.1.5.595.R01, and 6.3 before 6.3.1.966.R01 allows remote attackers to execute arbitrary code via a long Session cookie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30652",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30652"
},
{
"name": "1020657",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020657"
},
{
"name": "http://www.layereddefense.com/alcatel12aug.html",
"refsource": "MISC",
"url": "http://www.layereddefense.com/alcatel12aug.html"
},
{
"name": "omniswitch-session-bo(44400)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44400"
},
{
"name": "4347",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4347"
},
{
"name": "31435",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31435"
},
{
"name": "20080812 Layered Defense Research Advisory: Alcatel-Lucent OmniSwitch products, Stack Buffer Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495343/100/0/threaded"
},
{
"name": "http://www1.alcatel-lucent.com/psirt/statements/2008002/OmniSwitch.htm",
"refsource": "CONFIRM",
"url": "http://www1.alcatel-lucent.com/psirt/statements/2008002/OmniSwitch.htm"
},
{
"name": "ADV-2008-2346",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2346"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2008-4383",
"datePublished": "2008-10-03T22:00:00",
"dateReserved": "2008-10-02T00:00:00",
"dateUpdated": "2024-08-07T10:17:09.271Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-1272 (GCVE-0-2002-1272)
Vulnerability from cvelistv5 – Published: 2004-09-01 04:00 – Updated: 2024-08-08 03:19
VLAI?
Summary
Alcatel OmniSwitch 7700/7800 switches running AOS 5.1.1 contains a back door telnet server that was intended for development but not removed before distribution, which allows remote attackers to gain administrative privileges.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:19:28.721Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "alcatel-omniswitch-backdoor(10664)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10664"
},
{
"name": "6220",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6220"
},
{
"name": "CA-2002-32",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.cert.org/advisories/CA-2002-32.html"
},
{
"name": "VU#181721",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/181721"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-11-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Alcatel OmniSwitch 7700/7800 switches running AOS 5.1.1 contains a back door telnet server that was intended for development but not removed before distribution, which allows remote attackers to gain administrative privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-08-04T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "alcatel-omniswitch-backdoor(10664)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10664"
},
{
"name": "6220",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6220"
},
{
"name": "CA-2002-32",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.cert.org/advisories/CA-2002-32.html"
},
{
"name": "VU#181721",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/181721"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1272",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Alcatel OmniSwitch 7700/7800 switches running AOS 5.1.1 contains a back door telnet server that was intended for development but not removed before distribution, which allows remote attackers to gain administrative privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "alcatel-omniswitch-backdoor(10664)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10664"
},
{
"name": "6220",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6220"
},
{
"name": "CA-2002-32",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2002-32.html"
},
{
"name": "VU#181721",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/181721"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1272",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2002-11-06T00:00:00",
"dateUpdated": "2024-08-08T03:19:28.721Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4383 (GCVE-0-2008-4383)
Vulnerability from nvd – Published: 2008-10-03 22:00 – Updated: 2024-08-07 10:17
VLAI?
Summary
Stack-based buffer overflow in the Agranet-Emweb embedded management web server in Alcatel OmniSwitch OS7000, OS6600, OS6800, OS6850, and OS9000 Series devices with AoS 5.1 before 5.1.6.463.R02, 5.4 before 5.4.1.429.R01, 6.1.3 before 6.1.3.965.R01, 6.1.5 before 6.1.5.595.R01, and 6.3 before 6.3.1.966.R01 allows remote attackers to execute arbitrary code via a long Session cookie.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:17:09.271Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30652",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30652"
},
{
"name": "1020657",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020657"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.layereddefense.com/alcatel12aug.html"
},
{
"name": "omniswitch-session-bo(44400)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44400"
},
{
"name": "4347",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4347"
},
{
"name": "31435",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31435"
},
{
"name": "20080812 Layered Defense Research Advisory: Alcatel-Lucent OmniSwitch products, Stack Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/495343/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www1.alcatel-lucent.com/psirt/statements/2008002/OmniSwitch.htm"
},
{
"name": "ADV-2008-2346",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2346"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the Agranet-Emweb embedded management web server in Alcatel OmniSwitch OS7000, OS6600, OS6800, OS6850, and OS9000 Series devices with AoS 5.1 before 5.1.6.463.R02, 5.4 before 5.4.1.429.R01, 6.1.3 before 6.1.3.965.R01, 6.1.5 before 6.1.5.595.R01, and 6.3 before 6.3.1.966.R01 allows remote attackers to execute arbitrary code via a long Session cookie."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "30652",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30652"
},
{
"name": "1020657",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020657"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.layereddefense.com/alcatel12aug.html"
},
{
"name": "omniswitch-session-bo(44400)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44400"
},
{
"name": "4347",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4347"
},
{
"name": "31435",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31435"
},
{
"name": "20080812 Layered Defense Research Advisory: Alcatel-Lucent OmniSwitch products, Stack Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/495343/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www1.alcatel-lucent.com/psirt/statements/2008002/OmniSwitch.htm"
},
{
"name": "ADV-2008-2346",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2346"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2008-4383",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the Agranet-Emweb embedded management web server in Alcatel OmniSwitch OS7000, OS6600, OS6800, OS6850, and OS9000 Series devices with AoS 5.1 before 5.1.6.463.R02, 5.4 before 5.4.1.429.R01, 6.1.3 before 6.1.3.965.R01, 6.1.5 before 6.1.5.595.R01, and 6.3 before 6.3.1.966.R01 allows remote attackers to execute arbitrary code via a long Session cookie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30652",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30652"
},
{
"name": "1020657",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020657"
},
{
"name": "http://www.layereddefense.com/alcatel12aug.html",
"refsource": "MISC",
"url": "http://www.layereddefense.com/alcatel12aug.html"
},
{
"name": "omniswitch-session-bo(44400)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44400"
},
{
"name": "4347",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4347"
},
{
"name": "31435",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31435"
},
{
"name": "20080812 Layered Defense Research Advisory: Alcatel-Lucent OmniSwitch products, Stack Buffer Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495343/100/0/threaded"
},
{
"name": "http://www1.alcatel-lucent.com/psirt/statements/2008002/OmniSwitch.htm",
"refsource": "CONFIRM",
"url": "http://www1.alcatel-lucent.com/psirt/statements/2008002/OmniSwitch.htm"
},
{
"name": "ADV-2008-2346",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2346"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2008-4383",
"datePublished": "2008-10-03T22:00:00",
"dateReserved": "2008-10-02T00:00:00",
"dateUpdated": "2024-08-07T10:17:09.271Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-1272 (GCVE-0-2002-1272)
Vulnerability from nvd – Published: 2004-09-01 04:00 – Updated: 2024-08-08 03:19
VLAI?
Summary
Alcatel OmniSwitch 7700/7800 switches running AOS 5.1.1 contains a back door telnet server that was intended for development but not removed before distribution, which allows remote attackers to gain administrative privileges.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:19:28.721Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "alcatel-omniswitch-backdoor(10664)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10664"
},
{
"name": "6220",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6220"
},
{
"name": "CA-2002-32",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.cert.org/advisories/CA-2002-32.html"
},
{
"name": "VU#181721",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/181721"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-11-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Alcatel OmniSwitch 7700/7800 switches running AOS 5.1.1 contains a back door telnet server that was intended for development but not removed before distribution, which allows remote attackers to gain administrative privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-08-04T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "alcatel-omniswitch-backdoor(10664)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10664"
},
{
"name": "6220",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6220"
},
{
"name": "CA-2002-32",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.cert.org/advisories/CA-2002-32.html"
},
{
"name": "VU#181721",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/181721"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1272",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Alcatel OmniSwitch 7700/7800 switches running AOS 5.1.1 contains a back door telnet server that was intended for development but not removed before distribution, which allows remote attackers to gain administrative privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "alcatel-omniswitch-backdoor(10664)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10664"
},
{
"name": "6220",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6220"
},
{
"name": "CA-2002-32",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2002-32.html"
},
{
"name": "VU#181721",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/181721"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1272",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2002-11-06T00:00:00",
"dateUpdated": "2024-08-08T03:19:28.721Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}