FKIE_CVE-2001-1425

Vulnerability from fkie_nvd - Published: 2001-04-10 04:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
The challenge-response authentication of the EXPERT user for Alcatel Speed Touch running firmware KHDSAA.108 and KHDSAA.132 through KHDSAA.134 allows remote attackers to gain privileges by directly computing the response based on information that is provided by the device during login.
References
cve@mitre.orghttp://security.sdsc.edu/self-help/alcatel/alcatel-bugs.html
cve@mitre.orghttp://www.cert.org/advisories/CA-2001-08.htmlUS Government Resource
cve@mitre.orghttp://www.kb.cert.org/vuls/id/243592US Government Resource
cve@mitre.orghttp://www.securityfocus.com/archive/1/175229
cve@mitre.orghttp://www.securityfocus.com/bid/2568Vendor Advisory
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/6354
af854a3a-2127-422b-91ae-364da2661108http://security.sdsc.edu/self-help/alcatel/alcatel-bugs.html
af854a3a-2127-422b-91ae-364da2661108http://www.cert.org/advisories/CA-2001-08.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/243592US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/175229
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/2568Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/6354
Impacted products
Vendor Product Version
alcatel speed_touch_home khdsaa.108
alcatel speed_touch_home khdsaa.132
alcatel speed_touch_home khdsaa.133
alcatel speed_touch_home khdsaa.134
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:alcatel:speed_touch_home:khdsaa.108:*:*:*:*:*:*:*",
              "matchCriteriaId": "91040F84-5FFF-455F-B81A-EE2F450E878B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:alcatel:speed_touch_home:khdsaa.132:*:*:*:*:*:*:*",
              "matchCriteriaId": "5983F496-F470-4347-95DA-CF59EB3956E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:alcatel:speed_touch_home:khdsaa.133:*:*:*:*:*:*:*",
              "matchCriteriaId": "13D1F571-1947-4FDB-AE33-D1FD86E9116B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:alcatel:speed_touch_home:khdsaa.134:*:*:*:*:*:*:*",
              "matchCriteriaId": "10C8A4DE-F452-4063-A82E-0033190C490A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The challenge-response authentication of the EXPERT user for Alcatel Speed Touch running firmware KHDSAA.108 and KHDSAA.132 through KHDSAA.134 allows remote attackers to gain privileges by directly computing the response based on information that is provided by the device during login."
    }
  ],
  "id": "CVE-2001-1425",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2001-04-10T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://security.sdsc.edu/self-help/alcatel/alcatel-bugs.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.cert.org/advisories/CA-2001-08.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/243592"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/175229"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/2568"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6354"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.sdsc.edu/self-help/alcatel/alcatel-bugs.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.cert.org/advisories/CA-2001-08.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/243592"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/175229"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/2568"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6354"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.