var-200108-0145
Vulnerability from variot
The FTP server on Cisco Content Service 11000 series switches (CSS) before WebNS 4.01B23s and WebNS 4.10B13s allows an attacker who is an FTP user to read and write arbitrary files via GET or PUT commands. The Cisco Content Service (CSS) switch is an Enterprise-level utility by Cisco Systems. The CSS switch is a Layer 5 and 7 aware switch capable of providing a high performance frontend to web server farms and caches. A problem with the switch could allow non-privileged users to upload files to the switch. The switch allows any user with a valid account to use the FTP PUT and GET functions. This problem makes it possible for a remote user to overwrite local files, or gain access to sensitive files
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200108-0145",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "content services switch 11000",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "content services switch 11000",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "webns b19s",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0.1"
},
{
"model": "webns",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0.1"
},
{
"model": "webns",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0"
},
{
"model": "webns 0b13s",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1"
},
{
"model": "webns 1b23s",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "content services switch 11000",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "702bda50-23ce-11e6-abef-000c29c66e3d"
},
{
"db": "BID",
"id": "2745"
},
{
"db": "NVD",
"id": "CVE-2001-0621"
},
{
"db": "CNNVD",
"id": "CNNVD-200108-050"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:content_services_switch_11000:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2001-0621"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "This vulnerability was announced to Bugtraq in a Cisco Security Advisory on May 18, 2001.",
"sources": [
{
"db": "BID",
"id": "2745"
},
{
"db": "CNNVD",
"id": "CNNVD-200108-050"
}
],
"trust": 0.9
},
"cve": "CVE-2001-0621",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "702bda50-23ce-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-3435",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2001-0621",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200108-050",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "702bda50-23ce-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-3435",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "702bda50-23ce-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-3435"
},
{
"db": "NVD",
"id": "CVE-2001-0621"
},
{
"db": "CNNVD",
"id": "CNNVD-200108-050"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The FTP server on Cisco Content Service 11000 series switches (CSS) before WebNS 4.01B23s and WebNS 4.10B13s allows an attacker who is an FTP user to read and write arbitrary files via GET or PUT commands. The Cisco Content Service (CSS) switch is an Enterprise-level utility by Cisco Systems. The CSS switch is a Layer 5 and 7 aware switch capable of providing a high performance frontend to web server farms and caches. \nA problem with the switch could allow non-privileged users to upload files to the switch. The switch allows any user with a valid account to use the FTP PUT and GET functions. \nThis problem makes it possible for a remote user to overwrite local files, or gain access to sensitive files",
"sources": [
{
"db": "NVD",
"id": "CVE-2001-0621"
},
{
"db": "BID",
"id": "2745"
},
{
"db": "IVD",
"id": "702bda50-23ce-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-3435"
}
],
"trust": 1.44
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "2745",
"trust": 2.0
},
{
"db": "NVD",
"id": "CVE-2001-0621",
"trust": 1.9
},
{
"db": "OSVDB",
"id": "1834",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200108-050",
"trust": 0.9
},
{
"db": "XF",
"id": "6557",
"trust": 0.6
},
{
"db": "CIAC",
"id": "L-085",
"trust": 0.6
},
{
"db": "CISCO",
"id": "20010517 CISCO CONTENT SERVICE SWITCH 11000 SERIES FTP VULNERABILITY",
"trust": 0.6
},
{
"db": "IVD",
"id": "702BDA50-23CE-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-3435",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "702bda50-23ce-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-3435"
},
{
"db": "BID",
"id": "2745"
},
{
"db": "NVD",
"id": "CVE-2001-0621"
},
{
"db": "CNNVD",
"id": "CNNVD-200108-050"
}
]
},
"id": "VAR-200108-0145",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "702bda50-23ce-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-3435"
}
],
"trust": 0.03
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "702bda50-23ce-11e6-abef-000c29c66e3d"
}
]
},
"last_update_date": "2023-12-18T13:05:40.336000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2001-0621"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.cisco.com/warp/public/707/arrowpoint-ftp-pub.shtml"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/2745"
},
{
"trust": 1.7,
"url": "http://www.ciac.org/ciac/bulletins/l-085.shtml"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/1834"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6557"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/static/6557.php"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-3435"
},
{
"db": "BID",
"id": "2745"
},
{
"db": "NVD",
"id": "CVE-2001-0621"
},
{
"db": "CNNVD",
"id": "CNNVD-200108-050"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "702bda50-23ce-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-3435"
},
{
"db": "BID",
"id": "2745"
},
{
"db": "NVD",
"id": "CVE-2001-0621"
},
{
"db": "CNNVD",
"id": "CNNVD-200108-050"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2001-08-14T00:00:00",
"db": "IVD",
"id": "702bda50-23ce-11e6-abef-000c29c66e3d"
},
{
"date": "2001-08-14T00:00:00",
"db": "VULHUB",
"id": "VHN-3435"
},
{
"date": "2001-05-17T00:00:00",
"db": "BID",
"id": "2745"
},
{
"date": "2001-08-14T04:00:00",
"db": "NVD",
"id": "CVE-2001-0621"
},
{
"date": "2001-08-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200108-050"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-10-10T00:00:00",
"db": "VULHUB",
"id": "VHN-3435"
},
{
"date": "2001-05-17T00:00:00",
"db": "BID",
"id": "2745"
},
{
"date": "2017-10-10T01:29:48.360000",
"db": "NVD",
"id": "CVE-2001-0621"
},
{
"date": "2005-05-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200108-050"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200108-050"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Content Service switch FTP Access control vulnerability",
"sources": [
{
"db": "IVD",
"id": "702bda50-23ce-11e6-abef-000c29c66e3d"
},
{
"db": "BID",
"id": "2745"
},
{
"db": "CNNVD",
"id": "CNNVD-200108-050"
}
],
"trust": 1.1
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Access verification error",
"sources": [
{
"db": "IVD",
"id": "702bda50-23ce-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-200108-050"
}
],
"trust": 0.8
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.