cvelistv5 - cve-2006-5382

CVE-2006-5382 (GCVE-0-2006-5382)

Vulnerability from cvelistv5 – Published: 2006-10-25 23:00 – Updated: 2024-08-07 19:48

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://secunia.com/advisories/22818	third-party-advisoryx_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.vupen.com/english/advisories/2006/4184	vdb-entryx_refsource_VUPEN
	http://www.3com.com/securityalert/alerts/3COM-06-…	x_refsource_CONFIRM
	http://securitytracker.com/id?1017128	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/bid/20736	vdb-entryx_refsource_BID

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T19:48:30.142Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "22818",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22818"
          },
          {
            "name": "3com-ss34400-snmp-information-disclosure(29779)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29779"
          },
          {
            "name": "ADV-2006-4184",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4184"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.3com.com/securityalert/alerts/3COM-06-004.html"
          },
          {
            "name": "1017128",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1017128"
          },
          {
            "name": "20736",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/20736"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-10-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "3Com Switch SS3 4400 switches, firmware 5.11, 6.00 and 6.10 and earlier, allow remote attackers to read the SNMP Read-Write Community string and conduct unauthorized actions via unspecified \"normally restricted management packets on the device\" that cause the community string to be returned."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-19T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "22818",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22818"
        },
        {
          "name": "3com-ss34400-snmp-information-disclosure(29779)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29779"
        },
        {
          "name": "ADV-2006-4184",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/4184"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.3com.com/securityalert/alerts/3COM-06-004.html"
        },
        {
          "name": "1017128",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1017128"
        },
        {
          "name": "20736",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/20736"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-5382",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "3Com Switch SS3 4400 switches, firmware 5.11, 6.00 and 6.10 and earlier, allow remote attackers to read the SNMP Read-Write Community string and conduct unauthorized actions via unspecified \"normally restricted management packets on the device\" that cause the community string to be returned."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "22818",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22818"
            },
            {
              "name": "3com-ss34400-snmp-information-disclosure(29779)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29779"
            },
            {
              "name": "ADV-2006-4184",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/4184"
            },
            {
              "name": "http://www.3com.com/securityalert/alerts/3COM-06-004.html",
              "refsource": "CONFIRM",
              "url": "http://www.3com.com/securityalert/alerts/3COM-06-004.html"
            },
            {
              "name": "1017128",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1017128"
            },
            {
              "name": "20736",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/20736"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-5382",
    "datePublished": "2006-10-25T23:00:00",
    "dateReserved": "2006-10-18T00:00:00",
    "dateUpdated": "2024-08-07T19:48:30.142Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:3com:superstack_3_switch_4400:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"firmware_6.10\", \"matchCriteriaId\": \"FE9E54F8-121A-463E-B68B-64AF98F75DFD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:3com:superstack_3_switch_4400:firmware_5.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EFCDE8DF-0DB6-4BD3-BB66-1F3DED59D1AC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:3com:superstack_3_switch_4400:firmware_6.00:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F14382BA-FEB8-4AE3-8361-69EBB6B17DB2\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"3Com Switch SS3 4400 switches, firmware 5.11, 6.00 and 6.10 and earlier, allow remote attackers to read the SNMP Read-Write Community string and conduct unauthorized actions via unspecified \\\"normally restricted management packets on the device\\\" that cause the community string to be returned.\"}, {\"lang\": \"es\", \"value\": \"El firmware de los conmutadores de 3Com Switch SS3 4400, versiones 5.11, 6.00, 6.10 y anteriores, permite a atacantes remotos la lectura de la cadena SNMP Read-Write Community y realizar acciones no autorizadas mediante paquetes de gesti\\u00f3n normalmente restringidos en el dispositivo, que provocan que la cadena community sea devuelta.\"}]",
      "id": "CVE-2006-5382",
      "lastModified": "2024-11-21T00:19:00.637",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": true, \"userInteractionRequired\": false}]}",
      "published": "2006-10-25T23:07:00.000",
      "references": "[{\"url\": \"http://secunia.com/advisories/22818\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://securitytracker.com/id?1017128\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.3com.com/securityalert/alerts/3COM-06-004.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/20736\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2006/4184\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/29779\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/22818\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securitytracker.com/id?1017128\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.3com.com/securityalert/alerts/3COM-06-004.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/20736\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2006/4184\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/29779\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2006-5382\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2006-10-25T23:07:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"3Com Switch SS3 4400 switches, firmware 5.11, 6.00 and 6.10 and earlier, allow remote attackers to read the SNMP Read-Write Community string and conduct unauthorized actions via unspecified \\\"normally restricted management packets on the device\\\" that cause the community string to be returned.\"},{\"lang\":\"es\",\"value\":\"El firmware de los conmutadores de 3Com Switch SS3 4400, versiones 5.11, 6.00, 6.10 y anteriores, permite a atacantes remotos la lectura de la cadena SNMP Read-Write Community y realizar acciones no autorizadas mediante paquetes de gesti\u00f3n normalmente restringidos en el dispositivo, que provocan que la cadena community sea devuelta.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":true,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:3com:superstack_3_switch_4400:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"firmware_6.10\",\"matchCriteriaId\":\"FE9E54F8-121A-463E-B68B-64AF98F75DFD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:3com:superstack_3_switch_4400:firmware_5.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EFCDE8DF-0DB6-4BD3-BB66-1F3DED59D1AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:3com:superstack_3_switch_4400:firmware_6.00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F14382BA-FEB8-4AE3-8361-69EBB6B17DB2\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/22818\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securitytracker.com/id?1017128\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.3com.com/securityalert/alerts/3COM-06-004.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/20736\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/4184\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/29779\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/22818\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1017128\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.3com.com/securityalert/alerts/3COM-06-004.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/20736\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/4184\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/29779\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTA-2006-AVI-493

Vulnerability from certfr_avis - Published: - Updated:

None

Description

Une vulnérabilité a été identifiée dans les produits 3Com de la famille des SuperStack 3 (SS3) 4400 Switch. Il s'agirait d'une mauvaise manipulation de certains paquets liés à la gestion du système. Une personne créant de tels paquets et pouvant les adresser au système dans le VLAN de gestion, pourrait accéder à des informations de configuration, comme la chaîne de caractères community string de SNMP. Connaissant cette dernière, il pourrait alors effectuer un ensemble d'opérations sur le système vulnérable, tels désactiver des ports ou reconfigurer les VLANs.

Solution

Se référer au bulletin de sécurité de l'éditeur 3Com pour l'obtention des correctifs (cf. section Documentation).

3Com SuperStack 3 Switch 4400 ;
3Com SuperStack 3 Switch 4400PWR ;
3Com SuperStack 3 Switch 4400SE ;
3Com SuperStack 3 Switch 4400FW.

Les logiciels des matériels ayant une version antérieure ou égale à 5.11, 6.00 ou 6.10 seraient vulnérables.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Avis de sécurité 3Com 3COM-06-004 du 19 octobre 2006	None	vendor-advisory
Bulletin de sécurité 3Com 3COM-2006-004 du 19 octobre 2006 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cUL\u003e    \u003cLI\u003e3Com SuperStack 3 Switch 4400 ;\u003c/LI\u003e    \u003cLI\u003e3Com SuperStack 3 Switch 4400PWR ;\u003c/LI\u003e    \u003cLI\u003e3Com SuperStack 3 Switch 4400SE ;\u003c/LI\u003e    \u003cLI\u003e3Com SuperStack 3 Switch 4400FW.\u003c/LI\u003e  \u003c/UL\u003e  \u003cP\u003eLes logiciels des mat\u00e9riels ayant une version ant\u00e9rieure ou  \u00e9gale \u00e0 5.11, 6.00 ou 6.10 seraient vuln\u00e9rables.\u003c/P\u003e",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 identifi\u00e9e dans les produits 3Com de la famille\ndes SuperStack 3 (SS3) 4400 Switch. Il s\u0027agirait d\u0027une mauvaise\nmanipulation de certains paquets li\u00e9s \u00e0 la gestion du syst\u00e8me. Une\npersonne cr\u00e9ant de tels paquets et pouvant les adresser au syst\u00e8me dans\nle VLAN de gestion, pourrait acc\u00e9der \u00e0 des informations de\nconfiguration, comme la cha\u00eene de caract\u00e8res community string de SNMP.\nConnaissant cette derni\u00e8re, il pourrait alors effectuer un ensemble\nd\u0027op\u00e9rations sur le syst\u00e8me vuln\u00e9rable, tels d\u00e9sactiver des ports ou\nreconfigurer les VLANs.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur 3Com pour l\u0027obtention\ndes correctifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2006-5382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-5382"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 3Com 3COM-2006-004 du 19 octobre 2006    :",
      "url": "http://www.3com.com/securityalert/alerts/3COM-06-004.html"
    }
  ],
  "reference": "CERTA-2006-AVI-493",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2006-11-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": null,
  "title": "Vuln\u00e9rabilit\u00e9 dans les produits 3Com SuperStack 3 Switch 4400",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Avis de s\u00e9curit\u00e9 3Com 3COM-06-004 du 19 octobre 2006",
      "url": null
    }
  ]
}

CERTA-2006-AVI-493

Vulnerability from certfr_avis - Published: - Updated:

None

Description

Solution

Se référer au bulletin de sécurité de l'éditeur 3Com pour l'obtention des correctifs (cf. section Documentation).

3Com SuperStack 3 Switch 4400 ;
3Com SuperStack 3 Switch 4400PWR ;
3Com SuperStack 3 Switch 4400SE ;
3Com SuperStack 3 Switch 4400FW.

Les logiciels des matériels ayant une version antérieure ou égale à 5.11, 6.00 ou 6.10 seraient vulnérables.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Avis de sécurité 3Com 3COM-06-004 du 19 octobre 2006	None	vendor-advisory
Bulletin de sécurité 3Com 3COM-2006-004 du 19 octobre 2006 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cUL\u003e    \u003cLI\u003e3Com SuperStack 3 Switch 4400 ;\u003c/LI\u003e    \u003cLI\u003e3Com SuperStack 3 Switch 4400PWR ;\u003c/LI\u003e    \u003cLI\u003e3Com SuperStack 3 Switch 4400SE ;\u003c/LI\u003e    \u003cLI\u003e3Com SuperStack 3 Switch 4400FW.\u003c/LI\u003e  \u003c/UL\u003e  \u003cP\u003eLes logiciels des mat\u00e9riels ayant une version ant\u00e9rieure ou  \u00e9gale \u00e0 5.11, 6.00 ou 6.10 seraient vuln\u00e9rables.\u003c/P\u003e",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 identifi\u00e9e dans les produits 3Com de la famille\ndes SuperStack 3 (SS3) 4400 Switch. Il s\u0027agirait d\u0027une mauvaise\nmanipulation de certains paquets li\u00e9s \u00e0 la gestion du syst\u00e8me. Une\npersonne cr\u00e9ant de tels paquets et pouvant les adresser au syst\u00e8me dans\nle VLAN de gestion, pourrait acc\u00e9der \u00e0 des informations de\nconfiguration, comme la cha\u00eene de caract\u00e8res community string de SNMP.\nConnaissant cette derni\u00e8re, il pourrait alors effectuer un ensemble\nd\u0027op\u00e9rations sur le syst\u00e8me vuln\u00e9rable, tels d\u00e9sactiver des ports ou\nreconfigurer les VLANs.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur 3Com pour l\u0027obtention\ndes correctifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2006-5382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-5382"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 3Com 3COM-2006-004 du 19 octobre 2006    :",
      "url": "http://www.3com.com/securityalert/alerts/3COM-06-004.html"
    }
  ],
  "reference": "CERTA-2006-AVI-493",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2006-11-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": null,
  "title": "Vuln\u00e9rabilit\u00e9 dans les produits 3Com SuperStack 3 Switch 4400",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Avis de s\u00e9curit\u00e9 3Com 3COM-06-004 du 19 octobre 2006",
      "url": null
    }
  ]
}

VAR-200610-0162

Vulnerability from variot - Updated: 2023-12-18 11:32

3Com Switch SS3 4400 switches, firmware 5.11, 6.00 and 6.10 and earlier, allow remote attackers to read the SNMP Read-Write Community string and conduct unauthorized actions via unspecified "normally restricted management packets on the device" that cause the community string to be returned. 3Com SS3 4400 Switch products are prone to an information-disclosure vulnerability. An attacker can exploit this issue to retrieve potentially sensitive information. The impact of successful exploits may allow various operations on the device, including disabling ports and reconfiguring a VLAN. Note that this issue may be exploited only through the management VLAN that the affected device is connected to. Firmware versions 5.11, 6.00, and 6.10 or earlier are vulnerable.

To improve our services to our customers, we have made a number of additions to the Secunia Advisories and have started translating the advisories to German.

The improvements will help our customers to get a better understanding of how we reached our conclusions, how it was rated, our thoughts on exploitation, attack vectors, and scenarios.

This includes: * Reason for rating * Extended description * Extended solution * Exploit code or links to exploit code * Deep links

Read the full description: http://corporate.secunia.com/products/48/?r=l

Contact Secunia Sales for more information: http://corporate.secunia.com/how_to_buy/15/?r=l

TITLE: 3Com SuperStack 3 Switch 4400 Information Disclosure

SECUNIA ADVISORY ID: SA22818

VERIFY ADVISORY: http://secunia.com/advisories/22818/

CRITICAL: Less critical

IMPACT: Exposure of sensitive information

WHERE:

From local network

OPERATING SYSTEM: 3Com SuperStack 3 Switch 4400 Family http://secunia.com/product/450/

DESCRIPTION: A security issue has been reported in the 3Com SuperStack 3 Switch 4400 family, which can be exploited by malicious people to gain knowledge of sensitive information.

Successful exploitation requires access to the management VLAN.

SOLUTION: An update is reportedly available for customers with a software maintenance agreement or via the 3Com Partner Access site.

PROVIDED AND/OR DISCOVERED BY: The vendor credits Andrew Brennan.

ORIGINAL ADVISORY: http://www.3com.com/securityalert/alerts/3COM-06-004.html

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200610-0162",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "superstack 3 switch 4400",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "3com",
        "version": "firmware_6.00"
      },
      {
        "model": "superstack 3 switch 4400",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "3com",
        "version": "firmware_5.11"
      },
      {
        "model": "superstack 3 switch 4400",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "3com",
        "version": "firmware_6.10"
      },
      {
        "model": "superstack 3 switch 4400",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "3com",
        "version": "firmware 5.11"
      },
      {
        "model": "superstack 3 switch 4400",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "3com",
        "version": "6.00"
      },
      {
        "model": "superstack 3 switch 4400",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "3com",
        "version": "6.10"
      },
      {
        "model": "superstack 3 switch 4400",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "3com",
        "version": "firmware_6.10"
      },
      {
        "model": "superstack switch se",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "3com",
        "version": "34400.0"
      },
      {
        "model": "superstack switch pwr",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "3com",
        "version": "34400.0"
      },
      {
        "model": "superstack switch fx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "3com",
        "version": "34400.0"
      },
      {
        "model": "superstack switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "3com",
        "version": "34400.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "20736"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-001397"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-5382"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200610-423"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:3com:superstack_3_switch_4400:firmware_5.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:3com:superstack_3_switch_4400:firmware_6.00:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:3com:superstack_3_switch_4400:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "firmware_6.10",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-5382"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Andrew Brennan is credited with the discovery of this vulnerability.",
    "sources": [
      {
        "db": "BID",
        "id": "20736"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200610-423"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2006-5382",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": true,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2006-5382",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-21490",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2006-5382",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200610-423",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-21490",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2006-5382",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-21490"
      },
      {
        "db": "VULMON",
        "id": "CVE-2006-5382"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-001397"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-5382"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200610-423"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "3Com Switch SS3 4400 switches, firmware 5.11, 6.00 and 6.10 and earlier, allow remote attackers to read the SNMP Read-Write Community string and conduct unauthorized actions via unspecified \"normally restricted management packets on the device\" that cause the community string to be returned. 3Com SS3 4400 Switch products are prone to an information-disclosure vulnerability. \nAn attacker can exploit this issue to retrieve potentially sensitive information. The impact of successful exploits may allow various operations on the device, including disabling ports and reconfiguring a VLAN. \nNote that this issue may be exploited only through the management VLAN that the affected device is connected to. \nFirmware versions 5.11, 6.00, and 6.10 or earlier are vulnerable. \n\n----------------------------------------------------------------------\n\nTo improve our services to our customers, we have made a number of\nadditions to the Secunia Advisories and have started translating the\nadvisories to German. \n\nThe improvements will help our customers to get a better\nunderstanding of how we reached our conclusions, how it was rated,\nour thoughts on exploitation, attack vectors, and scenarios. \n\nThis includes:\n* Reason for rating\n* Extended description\n* Extended solution\n* Exploit code or links to exploit code\n* Deep links\n\nRead the full description:\nhttp://corporate.secunia.com/products/48/?r=l\n\nContact Secunia Sales for more information:\nhttp://corporate.secunia.com/how_to_buy/15/?r=l\n\n----------------------------------------------------------------------\n\nTITLE:\n3Com SuperStack 3 Switch 4400 Information Disclosure\n\nSECUNIA ADVISORY ID:\nSA22818\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/22818/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nExposure of sensitive information\n\nWHERE:\n\u003eFrom local network\n\nOPERATING SYSTEM:\n3Com SuperStack 3 Switch 4400 Family\nhttp://secunia.com/product/450/\n\nDESCRIPTION:\nA security issue has been reported in the 3Com SuperStack 3 Switch\n4400 family, which can be exploited by malicious people to gain\nknowledge of sensitive information. \n\nSuccessful exploitation requires access to the management VLAN. \n\nSOLUTION:\nAn update is reportedly available for customers with a software\nmaintenance agreement or via the 3Com Partner Access site. \n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits Andrew Brennan. \n\nORIGINAL ADVISORY:\nhttp://www.3com.com/securityalert/alerts/3COM-06-004.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-5382"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-001397"
      },
      {
        "db": "BID",
        "id": "20736"
      },
      {
        "db": "VULHUB",
        "id": "VHN-21490"
      },
      {
        "db": "VULMON",
        "id": "CVE-2006-5382"
      },
      {
        "db": "PACKETSTORM",
        "id": "52075"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2006-5382",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "20736",
        "trust": 2.1
      },
      {
        "db": "SECUNIA",
        "id": "22818",
        "trust": 1.9
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4184",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1017128",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-001397",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200610-423",
        "trust": 0.7
      },
      {
        "db": "XF",
        "id": "3",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "29779",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-21490",
        "trust": 0.1
      },
      {
        "db": "VUPEN",
        "id": "2006/4184",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2006-5382",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "52075",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-21490"
      },
      {
        "db": "VULMON",
        "id": "CVE-2006-5382"
      },
      {
        "db": "BID",
        "id": "20736"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-001397"
      },
      {
        "db": "PACKETSTORM",
        "id": "52075"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-5382"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200610-423"
      }
    ]
  },
  "id": "VAR-200610-0162",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-21490"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:32:10.984000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://h17007.www1.hp.com/us/en/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-001397"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-5382"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.9,
        "url": "http://www.securityfocus.com/bid/20736"
      },
      {
        "trust": 1.9,
        "url": "http://www.3com.com/securityalert/alerts/3com-06-004.html"
      },
      {
        "trust": 1.8,
        "url": "http://securitytracker.com/id?1017128"
      },
      {
        "trust": 1.8,
        "url": "http://secunia.com/advisories/22818"
      },
      {
        "trust": 1.2,
        "url": "http://www.vupen.com/english/advisories/2006/4184"
      },
      {
        "trust": 1.2,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29779"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-5382"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-5382"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2006/4184"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/29779"
      },
      {
        "trust": 0.3,
        "url": "http://www.3com.com/products/en_us/result.jsp?selected=6\u0026sort=effdt\u0026sku=3crwe754g72-a\u0026order=desc"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/450/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://corporate.secunia.com/products/48/?r=l"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/22818/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://corporate.secunia.com/how_to_buy/15/?r=l"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-21490"
      },
      {
        "db": "VULMON",
        "id": "CVE-2006-5382"
      },
      {
        "db": "BID",
        "id": "20736"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-001397"
      },
      {
        "db": "PACKETSTORM",
        "id": "52075"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-5382"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200610-423"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-21490"
      },
      {
        "db": "VULMON",
        "id": "CVE-2006-5382"
      },
      {
        "db": "BID",
        "id": "20736"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-001397"
      },
      {
        "db": "PACKETSTORM",
        "id": "52075"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-5382"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200610-423"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-10-25T00:00:00",
        "db": "VULHUB",
        "id": "VHN-21490"
      },
      {
        "date": "2006-10-25T00:00:00",
        "db": "VULMON",
        "id": "CVE-2006-5382"
      },
      {
        "date": "2006-10-25T00:00:00",
        "db": "BID",
        "id": "20736"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-001397"
      },
      {
        "date": "2006-11-16T03:19:38",
        "db": "PACKETSTORM",
        "id": "52075"
      },
      {
        "date": "2006-10-25T23:07:00",
        "db": "NVD",
        "id": "CVE-2006-5382"
      },
      {
        "date": "2006-10-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200610-423"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-20T00:00:00",
        "db": "VULHUB",
        "id": "VHN-21490"
      },
      {
        "date": "2017-07-20T00:00:00",
        "db": "VULMON",
        "id": "CVE-2006-5382"
      },
      {
        "date": "2006-10-26T18:38:00",
        "db": "BID",
        "id": "20736"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-001397"
      },
      {
        "date": "2017-07-20T01:33:42.087000",
        "db": "NVD",
        "id": "CVE-2006-5382"
      },
      {
        "date": "2006-10-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200610-423"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200610-423"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "3Com Switch SS3 4400 Vulnerable to taking unauthorized actions",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-001397"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Configuration Error",
    "sources": [
      {
        "db": "BID",
        "id": "20736"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200610-423"
      }
    ],
    "trust": 0.9
  }
}

FKIE_CVE-2006-5382

Vulnerability from fkie_nvd - Published: 2006-10-25 23:07 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

	URL	Tags
	cve@mitre.org	http://secunia.com/advisories/22818
	cve@mitre.org	http://securitytracker.com/id?1017128
	cve@mitre.org	http://www.3com.com/securityalert/alerts/3COM-06-004.html
	cve@mitre.org	http://www.securityfocus.com/bid/20736
	cve@mitre.org	http://www.vupen.com/english/advisories/2006/4184
	cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/29779
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22818
	af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1017128
	af854a3a-2127-422b-91ae-364da2661108	http://www.3com.com/securityalert/alerts/3COM-06-004.html
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/20736
	af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/4184
	af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/29779

Impacted products

Vendor	Product	Version
3com	superstack_3_switch_4400	*
3com	superstack_3_switch_4400	firmware_5.11
3com	superstack_3_switch_4400	firmware_6.00

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:3com:superstack_3_switch_4400:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE9E54F8-121A-463E-B68B-64AF98F75DFD",
              "versionEndIncluding": "firmware_6.10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:3com:superstack_3_switch_4400:firmware_5.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFCDE8DF-0DB6-4BD3-BB66-1F3DED59D1AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:3com:superstack_3_switch_4400:firmware_6.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "F14382BA-FEB8-4AE3-8361-69EBB6B17DB2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "3Com Switch SS3 4400 switches, firmware 5.11, 6.00 and 6.10 and earlier, allow remote attackers to read the SNMP Read-Write Community string and conduct unauthorized actions via unspecified \"normally restricted management packets on the device\" that cause the community string to be returned."
    },
    {
      "lang": "es",
      "value": "El firmware de los conmutadores de 3Com Switch SS3 4400, versiones 5.11, 6.00, 6.10 y anteriores, permite a atacantes remotos la lectura de la cadena SNMP Read-Write Community y realizar acciones no autorizadas mediante paquetes de gesti\u00f3n normalmente restringidos en el dispositivo, que provocan que la cadena community sea devuelta."
    }
  ],
  "id": "CVE-2006-5382",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-10-25T23:07:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/22818"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1017128"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.3com.com/securityalert/alerts/3COM-06-004.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/20736"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/4184"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29779"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/22818"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1017128"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.3com.com/securityalert/alerts/3COM-06-004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/20736"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/4184"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29779"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-J6MH-XC57-P4VW

Vulnerability from github – Published: 2022-05-01 07:27 – Updated: 2022-05-01 07:27

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2006-5382"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-10-25T23:07:00Z",
    "severity": "HIGH"
  },
  "details": "3Com Switch SS3 4400 switches, firmware 5.11, 6.00 and 6.10 and earlier, allow remote attackers to read the SNMP Read-Write Community string and conduct unauthorized actions via unspecified \"normally restricted management packets on the device\" that cause the community string to be returned.",
  "id": "GHSA-j6mh-xc57-p4vw",
  "modified": "2022-05-01T07:27:57Z",
  "published": "2022-05-01T07:27:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-5382"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29779"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/22818"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1017128"
    },
    {
      "type": "WEB",
      "url": "http://www.3com.com/securityalert/alerts/3COM-06-004.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/20736"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/4184"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2006-5382

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2006-5382

Aliases

CVE-2006-5382

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2006-5382",
    "description": "3Com Switch SS3 4400 switches, firmware 5.11, 6.00 and 6.10 and earlier, allow remote attackers to read the SNMP Read-Write Community string and conduct unauthorized actions via unspecified \"normally restricted management packets on the device\" that cause the community string to be returned.",
    "id": "GSD-2006-5382"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2006-5382"
      ],
      "details": "3Com Switch SS3 4400 switches, firmware 5.11, 6.00 and 6.10 and earlier, allow remote attackers to read the SNMP Read-Write Community string and conduct unauthorized actions via unspecified \"normally restricted management packets on the device\" that cause the community string to be returned.",
      "id": "GSD-2006-5382",
      "modified": "2023-12-13T01:19:56.609099Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2006-5382",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "3Com Switch SS3 4400 switches, firmware 5.11, 6.00 and 6.10 and earlier, allow remote attackers to read the SNMP Read-Write Community string and conduct unauthorized actions via unspecified \"normally restricted management packets on the device\" that cause the community string to be returned."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "22818",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/22818"
          },
          {
            "name": "3com-ss34400-snmp-information-disclosure(29779)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29779"
          },
          {
            "name": "ADV-2006-4184",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/4184"
          },
          {
            "name": "http://www.3com.com/securityalert/alerts/3COM-06-004.html",
            "refsource": "CONFIRM",
            "url": "http://www.3com.com/securityalert/alerts/3COM-06-004.html"
          },
          {
            "name": "1017128",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1017128"
          },
          {
            "name": "20736",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/20736"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:3com:superstack_3_switch_4400:firmware_5.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:3com:superstack_3_switch_4400:firmware_6.00:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:3com:superstack_3_switch_4400:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "firmware_6.10",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-5382"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "3Com Switch SS3 4400 switches, firmware 5.11, 6.00 and 6.10 and earlier, allow remote attackers to read the SNMP Read-Write Community string and conduct unauthorized actions via unspecified \"normally restricted management packets on the device\" that cause the community string to be returned."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.3com.com/securityalert/alerts/3COM-06-004.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.3com.com/securityalert/alerts/3COM-06-004.html"
            },
            {
              "name": "20736",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/20736"
            },
            {
              "name": "1017128",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1017128"
            },
            {
              "name": "22818",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/22818"
            },
            {
              "name": "ADV-2006-4184",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2006/4184"
            },
            {
              "name": "3com-ss34400-snmp-information-disclosure(29779)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29779"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": true,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-07-20T01:33Z",
      "publishedDate": "2006-10-25T23:07Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2006-5382 (GCVE-0-2006-5382)

CERTA-2006-AVI-493

Description

Solution

CERTA-2006-AVI-493

Description

Solution

VAR-200610-0162

FKIE_CVE-2006-5382

GHSA-J6MH-XC57-P4VW

GSD-2006-5382

Tags

Sightings

Nomenclature