Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
14 vulnerabilities by alliedtelesyn
VAR-200612-0416
Vulnerability from variot - Updated: 2023-12-18 12:23The Allied Telesis AT-9000/24 Ethernet switch has a default password for its admin account, "manager," which allows remote attackers to perform unauthorized actions. AT-9000/24 is prone to a cross-site request forgery vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200612-0416",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "at-9000 24 ethernetswitch",
"scope": "eq",
"trust": 1.0,
"vendor": "alliedtelesyn",
"version": "*"
},
{
"model": "at-9000 24 ethernetswitch",
"scope": null,
"trust": 0.8,
"vendor": "allied telesis",
"version": null
},
{
"model": "at-9000 24 ethernetswitch",
"scope": null,
"trust": 0.6,
"vendor": "alliedtelesyn",
"version": null
},
{
"model": "at-9000/24",
"scope": "eq",
"trust": 0.3,
"vendor": "allied telesis",
"version": "0"
}
],
"sources": [
{
"db": "BID",
"id": "87255"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001794"
},
{
"db": "NVD",
"id": "CVE-2006-6718"
},
{
"db": "CNNVD",
"id": "CNNVD-200612-507"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:alliedtelesyn:at-9000_24_ethernetswitch:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-6718"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "87255"
}
],
"trust": 0.3
},
"cve": "CVE-2006-6718",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2006-6718",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-22826",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2006-6718",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200612-507",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-22826",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-22826"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001794"
},
{
"db": "NVD",
"id": "CVE-2006-6718"
},
{
"db": "CNNVD",
"id": "CNNVD-200612-507"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Allied Telesis AT-9000/24 Ethernet switch has a default password for its admin account, \"manager,\" which allows remote attackers to perform unauthorized actions. AT-9000/24 is prone to a cross-site request forgery vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-6718"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001794"
},
{
"db": "BID",
"id": "87255"
},
{
"db": "VULHUB",
"id": "VHN-22826"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2006-6718",
"trust": 2.8
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001794",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200612-507",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20061216 ALLIED TELESIS AT-9000/24 ETHERNET SWITCH MANAGEMENT CAN BE ACCESSED FROM ALL VLANS.",
"trust": 0.6
},
{
"db": "BID",
"id": "87255",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-22826",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-22826"
},
{
"db": "BID",
"id": "87255"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001794"
},
{
"db": "NVD",
"id": "CVE-2006-6718"
},
{
"db": "CNNVD",
"id": "CNNVD-200612-507"
}
]
},
"id": "VAR-200612-0416",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-22826"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:23:41.277000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.alliedtelesis.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-001794"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-6718"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/454630/100/0/threaded"
},
{
"trust": 0.9,
"url": "http://www.securityfocus.com/archive/1/archive/1/454630/100/0/threaded"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-6718"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-6718"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-22826"
},
{
"db": "BID",
"id": "87255"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001794"
},
{
"db": "NVD",
"id": "CVE-2006-6718"
},
{
"db": "CNNVD",
"id": "CNNVD-200612-507"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-22826"
},
{
"db": "BID",
"id": "87255"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001794"
},
{
"db": "NVD",
"id": "CVE-2006-6718"
},
{
"db": "CNNVD",
"id": "CNNVD-200612-507"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-12-23T00:00:00",
"db": "VULHUB",
"id": "VHN-22826"
},
{
"date": "2006-12-23T00:00:00",
"db": "BID",
"id": "87255"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-001794"
},
{
"date": "2006-12-23T11:28:00",
"db": "NVD",
"id": "CVE-2006-6718"
},
{
"date": "2006-12-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200612-507"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-17T00:00:00",
"db": "VULHUB",
"id": "VHN-22826"
},
{
"date": "2006-12-23T00:00:00",
"db": "BID",
"id": "87255"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-001794"
},
{
"date": "2018-10-17T21:49:29.287000",
"db": "NVD",
"id": "CVE-2006-6718"
},
{
"date": "2007-01-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200612-507"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200612-507"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Allied Telesis AT-9000/24 Ethernet Vulnerability to execute unauthorized actions on the switch",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-001794"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "unknown",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200612-507"
}
],
"trust": 0.6
}
}
VAR-200612-0415
Vulnerability from variot - Updated: 2023-12-18 12:23The Allied Telesis AT-9000/24 Ethernet switch accepts management packets from arbitrary VLANs, contrary to the documentation, which allows remote attackers to conduct attacks against the switch from unexpected locations. Allied Telesis AT-9000/24 switches are prone to an unauthorized-management-VLAN-access vulnerability. Exploiting this issue allows attackers with access to any port on affected switches to access the management VLAN. This may aid them in further attacks. Allied Telesis AT-9000/24 is a 24-port Gigabit switch made by Allied Telesis in the United States. Allied Telesis AT-9000/24 has loopholes in the managed access control, and attackers may gain unauthorized access to the device. Under normal circumstances, the remote management (SNMP, TELNET, HTTP) of the switch should only be performed through the management VLAN. The only management VLAN option for the AT-9000/24 is Default VLAN. However, if the switch is configured to contain multiple VLANs instead of just the Default VLAN, it can be managed from all of these VLANs.
Secunia is proud to announce the availability of the Secunia Software Inspector.
The Secunia Software Inspector is a free service that detects insecure versions of software that you may have installed in your system. When insecure versions are detected, the Secunia Software Inspector also provides thorough guidelines for updating the software to the latest secure version from the vendor.
Try it out online: http://secunia.com/software_inspector/
TITLE: Simple Web Content Management System "id" SQL Injection
SECUNIA ADVISORY ID: SA23590
VERIFY ADVISORY: http://secunia.com/advisories/23590/
CRITICAL: Moderately critical
IMPACT: Manipulation of data, Exposure of system information, Exposure of sensitive information
WHERE:
From remote
SOFTWARE: Simple Web Content Management System http://secunia.com/product/13142/
DESCRIPTION: DarkFig has discovered a vulnerability in Simple Web Content Management System, which can be exploited by malicious people to conduct SQL injection attacks.
Input passed to the "id" parameter in page.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
Successful exploitation allows retrieval of arbitrary files from the database server.
SOLUTION: Edit the source code to ensure that input is properly sanitised.
PROVIDED AND/OR DISCOVERED BY: DarkFig
ORIGINAL ADVISORY: http://acid-root.new.fr/poc/18070102.txt
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200612-0415",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "at-9000 24 ethernetswitch",
"scope": "eq",
"trust": 1.0,
"vendor": "alliedtelesyn",
"version": "*"
},
{
"model": "at-9000 24 ethernetswitch",
"scope": null,
"trust": 0.8,
"vendor": "allied telesis",
"version": null
},
{
"model": "at-9000 24 ethernetswitch",
"scope": null,
"trust": 0.6,
"vendor": "alliedtelesyn",
"version": null
},
{
"model": "at-9000/24",
"scope": "eq",
"trust": 0.3,
"vendor": "allied telesis",
"version": "0"
}
],
"sources": [
{
"db": "BID",
"id": "21628"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001793"
},
{
"db": "NVD",
"id": "CVE-2006-6717"
},
{
"db": "CNNVD",
"id": "CNNVD-200612-502"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:alliedtelesyn:at-9000_24_ethernetswitch:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-6717"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Pasi Sj\u0026ouml;holm ptsjohol@cc.jyu.fi",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200612-502"
}
],
"trust": 0.6
},
"cve": "CVE-2006-6717",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2006-6717",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-22825",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2006-6717",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200612-502",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-22825",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-22825"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001793"
},
{
"db": "NVD",
"id": "CVE-2006-6717"
},
{
"db": "CNNVD",
"id": "CNNVD-200612-502"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Allied Telesis AT-9000/24 Ethernet switch accepts management packets from arbitrary VLANs, contrary to the documentation, which allows remote attackers to conduct attacks against the switch from unexpected locations. Allied Telesis AT-9000/24 switches are prone to an unauthorized-management-VLAN-access vulnerability. \nExploiting this issue allows attackers with access to any port on affected switches to access the management VLAN. This may aid them in further attacks. Allied Telesis AT-9000/24 \u200b\u200bis a 24-port Gigabit switch made by Allied Telesis in the United States. Allied Telesis AT-9000/24 \u200b\u200bhas loopholes in the managed access control, and attackers may gain unauthorized access to the device. Under normal circumstances, the remote management (SNMP, TELNET, HTTP) of the switch should only be performed through the management VLAN. The only management VLAN option for the AT-9000/24 \u200b\u200bis Default VLAN. However, if the switch is configured to contain multiple VLANs instead of just the Default VLAN, it can be managed from all of these VLANs. \n\n----------------------------------------------------------------------\n\nSecunia is proud to announce the availability of the Secunia Software\nInspector. \n\nThe Secunia Software Inspector is a free service that detects insecure\nversions of software that you may have installed in your system. When\ninsecure versions are detected, the Secunia Software Inspector also\nprovides thorough guidelines for updating the software to the latest\nsecure version from the vendor. \n\nTry it out online:\nhttp://secunia.com/software_inspector/\n\n----------------------------------------------------------------------\n\nTITLE:\nSimple Web Content Management System \"id\" SQL Injection\n\nSECUNIA ADVISORY ID:\nSA23590\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/23590/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nManipulation of data, Exposure of system information, Exposure of\nsensitive information\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nSimple Web Content Management System\nhttp://secunia.com/product/13142/\n\nDESCRIPTION:\nDarkFig has discovered a vulnerability in Simple Web Content\nManagement System, which can be exploited by malicious people to\nconduct SQL injection attacks. \n\nInput passed to the \"id\" parameter in page.php is not properly\nsanitised before being used in SQL queries. This can be exploited to\nmanipulate SQL queries by injecting arbitrary SQL code. \n\nSuccessful exploitation allows retrieval of arbitrary files from the\ndatabase server. \n\nSOLUTION:\nEdit the source code to ensure that input is properly sanitised. \n\nPROVIDED AND/OR DISCOVERED BY:\nDarkFig\n\nORIGINAL ADVISORY:\nhttp://acid-root.new.fr/poc/18070102.txt\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-6717"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001793"
},
{
"db": "BID",
"id": "21628"
},
{
"db": "VULHUB",
"id": "VHN-22825"
},
{
"db": "PACKETSTORM",
"id": "53423"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2006-6717",
"trust": 2.5
},
{
"db": "BID",
"id": "21628",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "23590",
"trust": 1.8
},
{
"db": "SECUNIA",
"id": "23451",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001793",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200612-502",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20061216 ALLIED TELESIS AT-9000/24 ETHERNET SWITCH MANAGEMENT CAN BE ACCESSED FROM ALL VLANS.",
"trust": 0.6
},
{
"db": "XF",
"id": "30924",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-22825",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "53423",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-22825"
},
{
"db": "BID",
"id": "21628"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001793"
},
{
"db": "PACKETSTORM",
"id": "53423"
},
{
"db": "NVD",
"id": "CVE-2006-6717"
},
{
"db": "CNNVD",
"id": "CNNVD-200612-502"
}
]
},
"id": "VAR-200612-0415",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-22825"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:23:41.247000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.alliedtelesis.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-001793"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-6717"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/21628"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/23451"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/23590"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/454630/100/0/threaded"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30924"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-6717"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-6717"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/30924"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/454630/100/0/threaded"
},
{
"trust": 0.3,
"url": "http://www.alliedtelesyn.com/products/details.aspx?604"
},
{
"trust": 0.3,
"url": "/archive/1/454630"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/software_inspector/"
},
{
"trust": 0.1,
"url": "http://acid-root.new.fr/poc/18070102.txt"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/23590/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/13142/"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-22825"
},
{
"db": "BID",
"id": "21628"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001793"
},
{
"db": "PACKETSTORM",
"id": "53423"
},
{
"db": "NVD",
"id": "CVE-2006-6717"
},
{
"db": "CNNVD",
"id": "CNNVD-200612-502"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-22825"
},
{
"db": "BID",
"id": "21628"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001793"
},
{
"db": "PACKETSTORM",
"id": "53423"
},
{
"db": "NVD",
"id": "CVE-2006-6717"
},
{
"db": "CNNVD",
"id": "CNNVD-200612-502"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-12-23T00:00:00",
"db": "VULHUB",
"id": "VHN-22825"
},
{
"date": "2006-12-16T00:00:00",
"db": "BID",
"id": "21628"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-001793"
},
{
"date": "2007-01-04T17:16:54",
"db": "PACKETSTORM",
"id": "53423"
},
{
"date": "2006-12-23T11:28:00",
"db": "NVD",
"id": "CVE-2006-6717"
},
{
"date": "2006-12-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200612-502"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-17T00:00:00",
"db": "VULHUB",
"id": "VHN-22825"
},
{
"date": "2006-12-18T17:33:00",
"db": "BID",
"id": "21628"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-001793"
},
{
"date": "2018-10-17T21:49:28.943000",
"db": "NVD",
"id": "CVE-2006-6717"
},
{
"date": "2007-01-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200612-502"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200612-502"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Allied Telesis AT-9000/24 Ethernet Vulnerability in an attack from an unexpected location on the switch",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-001793"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access verification error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200612-502"
}
],
"trust": 0.6
}
}
CVE-2002-2415 (GCVE-0-2002-2415)
Vulnerability from cvelistv5 – Published: 2007-11-01 17:00 – Updated: 2024-09-16 16:18
VLAI
Summary
Allied Telesyn AT-8024 1.3.1 and Rapier 24 switches allow remote authenticated users to cause a denial of service in the management interface via a stream of zero (null) bytes sent via UDP to a running service.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/6233 | vdb-entryx_refsource_BID |
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
| http://www.iss.net/security_center/static/10680.php | vdb-entryx_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:06:53.900Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "6233",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6233"
},
{
"name": "20021120 Allied Telesyn switches \u0026 routers vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-11/0291.html"
},
{
"name": "telesyn-zero-stream-dos(10680)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/10680.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Allied Telesyn AT-8024 1.3.1 and Rapier 24 switches allow remote authenticated users to cause a denial of service in the management interface via a stream of zero (null) bytes sent via UDP to a running service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-11-01T17:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "6233",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6233"
},
{
"name": "20021120 Allied Telesyn switches \u0026 routers vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-11/0291.html"
},
{
"name": "telesyn-zero-stream-dos(10680)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/10680.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2415",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Allied Telesyn AT-8024 1.3.1 and Rapier 24 switches allow remote authenticated users to cause a denial of service in the management interface via a stream of zero (null) bytes sent via UDP to a running service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "6233",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6233"
},
{
"name": "20021120 Allied Telesyn switches \u0026 routers vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-11/0291.html"
},
{
"name": "telesyn-zero-stream-dos(10680)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10680.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-2415",
"datePublished": "2007-11-01T17:00:00.000Z",
"dateReserved": "2007-11-01T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:18:33.663Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-6717 (GCVE-0-2006-6717)
Vulnerability from cvelistv5 – Published: 2006-12-23 11:00 – Updated: 2024-08-07 20:33
VLAI
Summary
The Allied Telesis AT-9000/24 Ethernet switch accepts management packets from arbitrary VLANs, contrary to the documentation, which allows remote attackers to conduct attacks against the switch from unexpected locations.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/454630/100… | mailing-listx_refsource_BUGTRAQ |
| http://secunia.com/advisories/23590 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/21628 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/23451 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2006-12-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:33:59.978Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20061216 Allied Telesis AT-9000/24 Ethernet switch management can be accessed from all VLANs.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/454630/100/0/threaded"
},
{
"name": "23590",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23590"
},
{
"name": "21628",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21628"
},
{
"name": "23451",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23451"
},
{
"name": "alliedtelesis-vlan-security-bypass(30924)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30924"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-12-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Allied Telesis AT-9000/24 Ethernet switch accepts management packets from arbitrary VLANs, contrary to the documentation, which allows remote attackers to conduct attacks against the switch from unexpected locations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20061216 Allied Telesis AT-9000/24 Ethernet switch management can be accessed from all VLANs.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/454630/100/0/threaded"
},
{
"name": "23590",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23590"
},
{
"name": "21628",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21628"
},
{
"name": "23451",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23451"
},
{
"name": "alliedtelesis-vlan-security-bypass(30924)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30924"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6717",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Allied Telesis AT-9000/24 Ethernet switch accepts management packets from arbitrary VLANs, contrary to the documentation, which allows remote attackers to conduct attacks against the switch from unexpected locations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20061216 Allied Telesis AT-9000/24 Ethernet switch management can be accessed from all VLANs.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/454630/100/0/threaded"
},
{
"name": "23590",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23590"
},
{
"name": "21628",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21628"
},
{
"name": "23451",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23451"
},
{
"name": "alliedtelesis-vlan-security-bypass(30924)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30924"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6717",
"datePublished": "2006-12-23T11:00:00.000Z",
"dateReserved": "2006-12-22T00:00:00.000Z",
"dateUpdated": "2024-08-07T20:33:59.978Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-6718 (GCVE-0-2006-6718)
Vulnerability from cvelistv5 – Published: 2006-12-23 11:00 – Updated: 2024-08-07 20:34
VLAI
Summary
The Allied Telesis AT-9000/24 Ethernet switch has a default password for its admin account, "manager," which allows remote attackers to perform unauthorized actions.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/454630/100… | mailing-listx_refsource_BUGTRAQ |
Date Public
2006-12-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:34:00.150Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20061216 Allied Telesis AT-9000/24 Ethernet switch management can be accessed from all VLANs.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/454630/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-12-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Allied Telesis AT-9000/24 Ethernet switch has a default password for its admin account, \"manager,\" which allows remote attackers to perform unauthorized actions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20061216 Allied Telesis AT-9000/24 Ethernet switch management can be accessed from all VLANs.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/454630/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6718",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Allied Telesis AT-9000/24 Ethernet switch has a default password for its admin account, \"manager,\" which allows remote attackers to perform unauthorized actions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20061216 Allied Telesis AT-9000/24 Ethernet switch management can be accessed from all VLANs.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/454630/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6718",
"datePublished": "2006-12-23T11:00:00.000Z",
"dateReserved": "2006-12-22T00:00:00.000Z",
"dateUpdated": "2024-08-07T20:34:00.150Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-6184 (GCVE-0-2006-6184)
Vulnerability from cvelistv5 – Published: 2006-12-01 00:00 – Updated: 2024-08-07 20:19
VLAI
Summary
Multiple stack-based buffer overflows in Allied Telesyn TFTP Server (AT-TFTP) 1.9, and possibly earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a long filename in a (1) GET or (2) PUT command.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://www.osvdb.org/11350 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/advisories/23106 | third-party-advisoryx_refsource_SECUNIA |
| http://securityreason.com/securityalert/8120 | third-party-advisoryx_refsource_SREASON |
| http://www.securityfocus.com/archive/1/452743/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.exploit-db.com/exploits/24952 | exploitx_refsource_EXPLOIT-DB |
| http://securityreason.com/securityalert/1929 | third-party-advisoryx_refsource_SREASON |
| http://www.exploit-db.com/exploits/16350 | exploitx_refsource_EXPLOIT-DB |
| http://www.vupen.com/english/advisories/2006/4737 | vdb-entryx_refsource_VUPEN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/21320 | vdb-entryx_refsource_BID |
Date Public
2006-11-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:19:35.055Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "11350",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/11350"
},
{
"name": "23106",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23106"
},
{
"name": "8120",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8120"
},
{
"name": "20061126 TFTP Server AT-TFTP Server v 1.9 Buffer Overflow Vulnerability (Long filename)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/452743/100/0/threaded"
},
{
"name": "24952",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/24952"
},
{
"name": "1929",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1929"
},
{
"name": "16350",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/16350"
},
{
"name": "ADV-2006-4737",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4737"
},
{
"name": "attftp-filename-bo(30539)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30539"
},
{
"name": "21320",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21320"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-11-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in Allied Telesyn TFTP Server (AT-TFTP) 1.9, and possibly earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a long filename in a (1) GET or (2) PUT command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "11350",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/11350"
},
{
"name": "23106",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23106"
},
{
"name": "8120",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8120"
},
{
"name": "20061126 TFTP Server AT-TFTP Server v 1.9 Buffer Overflow Vulnerability (Long filename)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/452743/100/0/threaded"
},
{
"name": "24952",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/24952"
},
{
"name": "1929",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1929"
},
{
"name": "16350",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/16350"
},
{
"name": "ADV-2006-4737",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4737"
},
{
"name": "attftp-filename-bo(30539)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30539"
},
{
"name": "21320",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21320"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6184",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in Allied Telesyn TFTP Server (AT-TFTP) 1.9, and possibly earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a long filename in a (1) GET or (2) PUT command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "11350",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/11350"
},
{
"name": "23106",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23106"
},
{
"name": "8120",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8120"
},
{
"name": "20061126 TFTP Server AT-TFTP Server v 1.9 Buffer Overflow Vulnerability (Long filename)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/452743/100/0/threaded"
},
{
"name": "24952",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/24952"
},
{
"name": "1929",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1929"
},
{
"name": "16350",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/16350"
},
{
"name": "ADV-2006-4737",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4737"
},
{
"name": "attftp-filename-bo(30539)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30539"
},
{
"name": "21320",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21320"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6184",
"datePublished": "2006-12-01T00:00:00.000Z",
"dateReserved": "2006-11-30T00:00:00.000Z",
"dateUpdated": "2024-08-07T20:19:35.055Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2030 (GCVE-0-2006-2030)
Vulnerability from cvelistv5 – Published: 2006-04-26 00:00 – Updated: 2024-08-07 17:35
VLAI
Summary
The Allied Telesyn AT-9724TS switch allows remote attackers to cause a denial of service via a large amount of UDP data to the switch, which leads to unstable operation and possibly failure of the management interface or routing.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/431586/100… | mailing-listx_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2006-04-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:35:31.222Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060419 Allied Telesyn Switch UDP Data Flood Management Denial Of Service Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/431586/100/0/threaded"
},
{
"name": "telesyn-udp-dos(25938)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25938"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-04-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Allied Telesyn AT-9724TS switch allows remote attackers to cause a denial of service via a large amount of UDP data to the switch, which leads to unstable operation and possibly failure of the management interface or routing."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060419 Allied Telesyn Switch UDP Data Flood Management Denial Of Service Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/431586/100/0/threaded"
},
{
"name": "telesyn-udp-dos(25938)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25938"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2030",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Allied Telesyn AT-9724TS switch allows remote attackers to cause a denial of service via a large amount of UDP data to the switch, which leads to unstable operation and possibly failure of the management interface or routing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060419 Allied Telesyn Switch UDP Data Flood Management Denial Of Service Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/431586/100/0/threaded"
},
{
"name": "telesyn-udp-dos(25938)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25938"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2030",
"datePublished": "2006-04-26T00:00:00.000Z",
"dateReserved": "2006-04-25T00:00:00.000Z",
"dateUpdated": "2024-08-07T17:35:31.222Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-0617 (GCVE-0-2001-0617)
Vulnerability from cvelistv5 – Published: 2001-07-27 04:00 – Updated: 2024-08-08 04:30
VLAI
Summary
Allied Telesyn AT-AR220e cable/DSL router firmware 1.08a RC14 with the portmapper and the 'Virtual Server' enabled can allow a remote attacker to gain access to mapped services even though the single portmappings may be disabled.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2001-05-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:30:06.058Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20010514 Cable-Router AR220e Portmapper Security-Flaw",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-05/0125.html"
},
{
"name": "telesyn-portmapper-access-services(6560)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6560"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-05-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Allied Telesyn AT-AR220e cable/DSL router firmware 1.08a RC14 with the portmapper and the \u0027Virtual Server\u0027 enabled can allow a remote attacker to gain access to mapped services even though the single portmappings may be disabled."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-18T21:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20010514 Cable-Router AR220e Portmapper Security-Flaw",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-05/0125.html"
},
{
"name": "telesyn-portmapper-access-services(6560)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6560"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0617",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Allied Telesyn AT-AR220e cable/DSL router firmware 1.08a RC14 with the portmapper and the \u0027Virtual Server\u0027 enabled can allow a remote attacker to gain access to mapped services even though the single portmappings may be disabled."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20010514 Cable-Router AR220e Portmapper Security-Flaw",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-05/0125.html"
},
{
"name": "telesyn-portmapper-access-services(6560)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6560"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0617",
"datePublished": "2001-07-27T04:00:00.000Z",
"dateReserved": "2001-07-27T00:00:00.000Z",
"dateUpdated": "2024-08-08T04:30:06.058Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-6717 (GCVE-0-2006-6717)
Vulnerability from nvd – Published: 2006-12-23 11:00 – Updated: 2024-08-07 20:33
VLAI
Summary
The Allied Telesis AT-9000/24 Ethernet switch accepts management packets from arbitrary VLANs, contrary to the documentation, which allows remote attackers to conduct attacks against the switch from unexpected locations.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/454630/100… | mailing-listx_refsource_BUGTRAQ |
| http://secunia.com/advisories/23590 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/21628 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/23451 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2006-12-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:33:59.978Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20061216 Allied Telesis AT-9000/24 Ethernet switch management can be accessed from all VLANs.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/454630/100/0/threaded"
},
{
"name": "23590",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23590"
},
{
"name": "21628",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21628"
},
{
"name": "23451",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23451"
},
{
"name": "alliedtelesis-vlan-security-bypass(30924)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30924"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-12-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Allied Telesis AT-9000/24 Ethernet switch accepts management packets from arbitrary VLANs, contrary to the documentation, which allows remote attackers to conduct attacks against the switch from unexpected locations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20061216 Allied Telesis AT-9000/24 Ethernet switch management can be accessed from all VLANs.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/454630/100/0/threaded"
},
{
"name": "23590",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23590"
},
{
"name": "21628",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21628"
},
{
"name": "23451",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23451"
},
{
"name": "alliedtelesis-vlan-security-bypass(30924)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30924"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6717",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Allied Telesis AT-9000/24 Ethernet switch accepts management packets from arbitrary VLANs, contrary to the documentation, which allows remote attackers to conduct attacks against the switch from unexpected locations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20061216 Allied Telesis AT-9000/24 Ethernet switch management can be accessed from all VLANs.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/454630/100/0/threaded"
},
{
"name": "23590",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23590"
},
{
"name": "21628",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21628"
},
{
"name": "23451",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23451"
},
{
"name": "alliedtelesis-vlan-security-bypass(30924)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30924"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6717",
"datePublished": "2006-12-23T11:00:00.000Z",
"dateReserved": "2006-12-22T00:00:00.000Z",
"dateUpdated": "2024-08-07T20:33:59.978Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-6718 (GCVE-0-2006-6718)
Vulnerability from nvd – Published: 2006-12-23 11:00 – Updated: 2024-08-07 20:34
VLAI
Summary
The Allied Telesis AT-9000/24 Ethernet switch has a default password for its admin account, "manager," which allows remote attackers to perform unauthorized actions.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/454630/100… | mailing-listx_refsource_BUGTRAQ |
Date Public
2006-12-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:34:00.150Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20061216 Allied Telesis AT-9000/24 Ethernet switch management can be accessed from all VLANs.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/454630/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-12-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Allied Telesis AT-9000/24 Ethernet switch has a default password for its admin account, \"manager,\" which allows remote attackers to perform unauthorized actions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20061216 Allied Telesis AT-9000/24 Ethernet switch management can be accessed from all VLANs.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/454630/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6718",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Allied Telesis AT-9000/24 Ethernet switch has a default password for its admin account, \"manager,\" which allows remote attackers to perform unauthorized actions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20061216 Allied Telesis AT-9000/24 Ethernet switch management can be accessed from all VLANs.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/454630/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6718",
"datePublished": "2006-12-23T11:00:00.000Z",
"dateReserved": "2006-12-22T00:00:00.000Z",
"dateUpdated": "2024-08-07T20:34:00.150Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-6184 (GCVE-0-2006-6184)
Vulnerability from nvd – Published: 2006-12-01 00:00 – Updated: 2024-08-07 20:19
VLAI
Summary
Multiple stack-based buffer overflows in Allied Telesyn TFTP Server (AT-TFTP) 1.9, and possibly earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a long filename in a (1) GET or (2) PUT command.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://www.osvdb.org/11350 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/advisories/23106 | third-party-advisoryx_refsource_SECUNIA |
| http://securityreason.com/securityalert/8120 | third-party-advisoryx_refsource_SREASON |
| http://www.securityfocus.com/archive/1/452743/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.exploit-db.com/exploits/24952 | exploitx_refsource_EXPLOIT-DB |
| http://securityreason.com/securityalert/1929 | third-party-advisoryx_refsource_SREASON |
| http://www.exploit-db.com/exploits/16350 | exploitx_refsource_EXPLOIT-DB |
| http://www.vupen.com/english/advisories/2006/4737 | vdb-entryx_refsource_VUPEN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/21320 | vdb-entryx_refsource_BID |
Date Public
2006-11-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:19:35.055Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "11350",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/11350"
},
{
"name": "23106",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23106"
},
{
"name": "8120",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8120"
},
{
"name": "20061126 TFTP Server AT-TFTP Server v 1.9 Buffer Overflow Vulnerability (Long filename)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/452743/100/0/threaded"
},
{
"name": "24952",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/24952"
},
{
"name": "1929",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1929"
},
{
"name": "16350",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/16350"
},
{
"name": "ADV-2006-4737",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4737"
},
{
"name": "attftp-filename-bo(30539)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30539"
},
{
"name": "21320",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21320"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-11-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in Allied Telesyn TFTP Server (AT-TFTP) 1.9, and possibly earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a long filename in a (1) GET or (2) PUT command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "11350",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/11350"
},
{
"name": "23106",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23106"
},
{
"name": "8120",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8120"
},
{
"name": "20061126 TFTP Server AT-TFTP Server v 1.9 Buffer Overflow Vulnerability (Long filename)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/452743/100/0/threaded"
},
{
"name": "24952",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/24952"
},
{
"name": "1929",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1929"
},
{
"name": "16350",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/16350"
},
{
"name": "ADV-2006-4737",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4737"
},
{
"name": "attftp-filename-bo(30539)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30539"
},
{
"name": "21320",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21320"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6184",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in Allied Telesyn TFTP Server (AT-TFTP) 1.9, and possibly earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a long filename in a (1) GET or (2) PUT command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "11350",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/11350"
},
{
"name": "23106",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23106"
},
{
"name": "8120",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8120"
},
{
"name": "20061126 TFTP Server AT-TFTP Server v 1.9 Buffer Overflow Vulnerability (Long filename)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/452743/100/0/threaded"
},
{
"name": "24952",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/24952"
},
{
"name": "1929",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1929"
},
{
"name": "16350",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/16350"
},
{
"name": "ADV-2006-4737",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4737"
},
{
"name": "attftp-filename-bo(30539)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30539"
},
{
"name": "21320",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21320"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6184",
"datePublished": "2006-12-01T00:00:00.000Z",
"dateReserved": "2006-11-30T00:00:00.000Z",
"dateUpdated": "2024-08-07T20:19:35.055Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2030 (GCVE-0-2006-2030)
Vulnerability from nvd – Published: 2006-04-26 00:00 – Updated: 2024-08-07 17:35
VLAI
Summary
The Allied Telesyn AT-9724TS switch allows remote attackers to cause a denial of service via a large amount of UDP data to the switch, which leads to unstable operation and possibly failure of the management interface or routing.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/431586/100… | mailing-listx_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2006-04-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:35:31.222Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060419 Allied Telesyn Switch UDP Data Flood Management Denial Of Service Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/431586/100/0/threaded"
},
{
"name": "telesyn-udp-dos(25938)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25938"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-04-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Allied Telesyn AT-9724TS switch allows remote attackers to cause a denial of service via a large amount of UDP data to the switch, which leads to unstable operation and possibly failure of the management interface or routing."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060419 Allied Telesyn Switch UDP Data Flood Management Denial Of Service Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/431586/100/0/threaded"
},
{
"name": "telesyn-udp-dos(25938)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25938"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2030",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Allied Telesyn AT-9724TS switch allows remote attackers to cause a denial of service via a large amount of UDP data to the switch, which leads to unstable operation and possibly failure of the management interface or routing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060419 Allied Telesyn Switch UDP Data Flood Management Denial Of Service Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/431586/100/0/threaded"
},
{
"name": "telesyn-udp-dos(25938)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25938"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2030",
"datePublished": "2006-04-26T00:00:00.000Z",
"dateReserved": "2006-04-25T00:00:00.000Z",
"dateUpdated": "2024-08-07T17:35:31.222Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-2415 (GCVE-0-2002-2415)
Vulnerability from nvd – Published: 2007-11-01 17:00 – Updated: 2024-09-16 16:18
VLAI
Summary
Allied Telesyn AT-8024 1.3.1 and Rapier 24 switches allow remote authenticated users to cause a denial of service in the management interface via a stream of zero (null) bytes sent via UDP to a running service.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/6233 | vdb-entryx_refsource_BID |
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
| http://www.iss.net/security_center/static/10680.php | vdb-entryx_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:06:53.900Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "6233",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6233"
},
{
"name": "20021120 Allied Telesyn switches \u0026 routers vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-11/0291.html"
},
{
"name": "telesyn-zero-stream-dos(10680)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/10680.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Allied Telesyn AT-8024 1.3.1 and Rapier 24 switches allow remote authenticated users to cause a denial of service in the management interface via a stream of zero (null) bytes sent via UDP to a running service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-11-01T17:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "6233",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6233"
},
{
"name": "20021120 Allied Telesyn switches \u0026 routers vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-11/0291.html"
},
{
"name": "telesyn-zero-stream-dos(10680)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/10680.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2415",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Allied Telesyn AT-8024 1.3.1 and Rapier 24 switches allow remote authenticated users to cause a denial of service in the management interface via a stream of zero (null) bytes sent via UDP to a running service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "6233",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6233"
},
{
"name": "20021120 Allied Telesyn switches \u0026 routers vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-11/0291.html"
},
{
"name": "telesyn-zero-stream-dos(10680)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10680.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-2415",
"datePublished": "2007-11-01T17:00:00.000Z",
"dateReserved": "2007-11-01T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:18:33.663Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-0617 (GCVE-0-2001-0617)
Vulnerability from nvd – Published: 2001-07-27 04:00 – Updated: 2024-08-08 04:30
VLAI
Summary
Allied Telesyn AT-AR220e cable/DSL router firmware 1.08a RC14 with the portmapper and the 'Virtual Server' enabled can allow a remote attacker to gain access to mapped services even though the single portmappings may be disabled.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2001-05-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:30:06.058Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20010514 Cable-Router AR220e Portmapper Security-Flaw",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-05/0125.html"
},
{
"name": "telesyn-portmapper-access-services(6560)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6560"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-05-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Allied Telesyn AT-AR220e cable/DSL router firmware 1.08a RC14 with the portmapper and the \u0027Virtual Server\u0027 enabled can allow a remote attacker to gain access to mapped services even though the single portmappings may be disabled."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-18T21:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20010514 Cable-Router AR220e Portmapper Security-Flaw",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-05/0125.html"
},
{
"name": "telesyn-portmapper-access-services(6560)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6560"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0617",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Allied Telesyn AT-AR220e cable/DSL router firmware 1.08a RC14 with the portmapper and the \u0027Virtual Server\u0027 enabled can allow a remote attacker to gain access to mapped services even though the single portmappings may be disabled."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20010514 Cable-Router AR220e Portmapper Security-Flaw",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-05/0125.html"
},
{
"name": "telesyn-portmapper-access-services(6560)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6560"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0617",
"datePublished": "2001-07-27T04:00:00.000Z",
"dateReserved": "2001-07-27T00:00:00.000Z",
"dateUpdated": "2024-08-08T04:30:06.058Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}