VAR-200101-0109
Vulnerability from variot - Updated: 2023-12-18 13:31Cisco SN 5420 Storage Router 1.1(3) and earlier allows local users to access a developer's shell without a password and execute certain restricted commands without being logged. The Cisco Storage Router is a enterprise-level gigabit-capable routing device designed to handle storage over networks. It is distributed by Cisco Systems. A problem in the firmware used with SN 5420 routers makes it possible to gain unauthorized access and elevated privileges. A remote user may gain a developer shell from either rlogin via the fibrechannel interface of the router, or through port 8023 on the gigabit side of the router. Commands and configuration changes may be executed from the shell, and are not logged by the SN logging facility,. Cisco SN 5420 Storage Router 1.1(3) and earlier versions have vulnerabilities
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200101-0109",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sn 5420 storage router",
"scope": "eq",
"trust": 2.2,
"vendor": "cisco",
"version": "1.1\\(3\\)"
},
{
"model": "sn 5420 storage router",
"scope": "eq",
"trust": 2.2,
"vendor": "cisco",
"version": "1.1\\(2\\)"
},
{
"model": "sn storage router",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "54201.1(3)"
},
{
"model": "sn storage router",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "54201.1(2)"
},
{
"model": "sn storage router",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "54201.1(4)"
}
],
"sources": [
{
"db": "BID",
"id": "3131"
},
{
"db": "NVD",
"id": "CVE-2001-1037"
},
{
"db": "CNNVD",
"id": "CNNVD-200101-005"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:sn_5420_storage_router_firmware:1.1\\(3\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:sn_5420_storage_router_firmware:1.1\\(2\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2001-1037"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "This vulnerability was announced in a Cisco Security Advisory on August 1, 2001.",
"sources": [
{
"db": "BID",
"id": "3131"
}
],
"trust": 0.3
},
"cve": "CVE-2001-1037",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-3842",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2001-1037",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200101-005",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-3842",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-3842"
},
{
"db": "NVD",
"id": "CVE-2001-1037"
},
{
"db": "CNNVD",
"id": "CNNVD-200101-005"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco SN 5420 Storage Router 1.1(3) and earlier allows local users to access a developer\u0027s shell without a password and execute certain restricted commands without being logged. The Cisco Storage Router is a enterprise-level gigabit-capable routing device designed to handle storage over networks. It is distributed by Cisco Systems. \nA problem in the firmware used with SN 5420 routers makes it possible to gain unauthorized access and elevated privileges. A remote user may gain a developer shell from either rlogin via the fibrechannel interface of the router, or through port 8023 on the gigabit side of the router. Commands and configuration changes may be executed from the shell, and are not logged by the SN logging facility,. Cisco SN 5420 Storage Router 1.1(3) and earlier versions have vulnerabilities",
"sources": [
{
"db": "NVD",
"id": "CVE-2001-1037"
},
{
"db": "BID",
"id": "3131"
},
{
"db": "VULHUB",
"id": "VHN-3842"
}
],
"trust": 1.26
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "3131",
"trust": 2.0
},
{
"db": "OSVDB",
"id": "1917",
"trust": 1.7
},
{
"db": "NVD",
"id": "CVE-2001-1037",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200101-005",
"trust": 0.7
},
{
"db": "CISCO",
"id": "20010711 VULNERABILITIES IN CISCO SN 5420 STORAGE ROUTERS",
"trust": 0.6
},
{
"db": "XF",
"id": "6827",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-3842",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-3842"
},
{
"db": "BID",
"id": "3131"
},
{
"db": "NVD",
"id": "CVE-2001-1037"
},
{
"db": "CNNVD",
"id": "CNNVD-200101-005"
}
]
},
"id": "VAR-200101-0109",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-3842"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:31:08.272000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2001-1037"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/3131"
},
{
"trust": 1.7,
"url": "http://www.cisco.com/warp/public/707/sn-kernel-pub.html"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/1917"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6827"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/static/6827.php"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-3842"
},
{
"db": "NVD",
"id": "CVE-2001-1037"
},
{
"db": "CNNVD",
"id": "CNNVD-200101-005"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-3842"
},
{
"db": "BID",
"id": "3131"
},
{
"db": "NVD",
"id": "CVE-2001-1037"
},
{
"db": "CNNVD",
"id": "CNNVD-200101-005"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2001-01-08T00:00:00",
"db": "VULHUB",
"id": "VHN-3842"
},
{
"date": "2001-08-01T00:00:00",
"db": "BID",
"id": "3131"
},
{
"date": "2001-01-08T05:00:00",
"db": "NVD",
"id": "CVE-2001-1037"
},
{
"date": "2001-01-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200101-005"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-30T00:00:00",
"db": "VULHUB",
"id": "VHN-3842"
},
{
"date": "2001-08-01T00:00:00",
"db": "BID",
"id": "3131"
},
{
"date": "2018-10-30T16:25:32.670000",
"db": "NVD",
"id": "CVE-2001-1037"
},
{
"date": "2005-05-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200101-005"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200101-005"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco SN 5420 Storage Router Vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200101-005"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "unknown",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200101-005"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…