VAR-200108-0145
Vulnerability from variot - Updated: 2023-12-18 13:05The FTP server on Cisco Content Service 11000 series switches (CSS) before WebNS 4.01B23s and WebNS 4.10B13s allows an attacker who is an FTP user to read and write arbitrary files via GET or PUT commands. The Cisco Content Service (CSS) switch is an Enterprise-level utility by Cisco Systems. The CSS switch is a Layer 5 and 7 aware switch capable of providing a high performance frontend to web server farms and caches. A problem with the switch could allow non-privileged users to upload files to the switch. The switch allows any user with a valid account to use the FTP PUT and GET functions. This problem makes it possible for a remote user to overwrite local files, or gain access to sensitive files
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200108-0145",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "content services switch 11000",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "content services switch 11000",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "webns b19s",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0.1"
},
{
"model": "webns",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0.1"
},
{
"model": "webns",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0"
},
{
"model": "webns 0b13s",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1"
},
{
"model": "webns 1b23s",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "content services switch 11000",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "702bda50-23ce-11e6-abef-000c29c66e3d"
},
{
"db": "BID",
"id": "2745"
},
{
"db": "NVD",
"id": "CVE-2001-0621"
},
{
"db": "CNNVD",
"id": "CNNVD-200108-050"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:content_services_switch_11000:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2001-0621"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "This vulnerability was announced to Bugtraq in a Cisco Security Advisory on May 18, 2001.",
"sources": [
{
"db": "BID",
"id": "2745"
},
{
"db": "CNNVD",
"id": "CNNVD-200108-050"
}
],
"trust": 0.9
},
"cve": "CVE-2001-0621",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "702bda50-23ce-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-3435",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2001-0621",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200108-050",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "702bda50-23ce-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-3435",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "702bda50-23ce-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-3435"
},
{
"db": "NVD",
"id": "CVE-2001-0621"
},
{
"db": "CNNVD",
"id": "CNNVD-200108-050"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The FTP server on Cisco Content Service 11000 series switches (CSS) before WebNS 4.01B23s and WebNS 4.10B13s allows an attacker who is an FTP user to read and write arbitrary files via GET or PUT commands. The Cisco Content Service (CSS) switch is an Enterprise-level utility by Cisco Systems. The CSS switch is a Layer 5 and 7 aware switch capable of providing a high performance frontend to web server farms and caches. \nA problem with the switch could allow non-privileged users to upload files to the switch. The switch allows any user with a valid account to use the FTP PUT and GET functions. \nThis problem makes it possible for a remote user to overwrite local files, or gain access to sensitive files",
"sources": [
{
"db": "NVD",
"id": "CVE-2001-0621"
},
{
"db": "BID",
"id": "2745"
},
{
"db": "IVD",
"id": "702bda50-23ce-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-3435"
}
],
"trust": 1.44
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "2745",
"trust": 2.0
},
{
"db": "NVD",
"id": "CVE-2001-0621",
"trust": 1.9
},
{
"db": "OSVDB",
"id": "1834",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200108-050",
"trust": 0.9
},
{
"db": "XF",
"id": "6557",
"trust": 0.6
},
{
"db": "CIAC",
"id": "L-085",
"trust": 0.6
},
{
"db": "CISCO",
"id": "20010517 CISCO CONTENT SERVICE SWITCH 11000 SERIES FTP VULNERABILITY",
"trust": 0.6
},
{
"db": "IVD",
"id": "702BDA50-23CE-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-3435",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "702bda50-23ce-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-3435"
},
{
"db": "BID",
"id": "2745"
},
{
"db": "NVD",
"id": "CVE-2001-0621"
},
{
"db": "CNNVD",
"id": "CNNVD-200108-050"
}
]
},
"id": "VAR-200108-0145",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "702bda50-23ce-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-3435"
}
],
"trust": 0.03
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "702bda50-23ce-11e6-abef-000c29c66e3d"
}
]
},
"last_update_date": "2023-12-18T13:05:40.336000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2001-0621"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.cisco.com/warp/public/707/arrowpoint-ftp-pub.shtml"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/2745"
},
{
"trust": 1.7,
"url": "http://www.ciac.org/ciac/bulletins/l-085.shtml"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/1834"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6557"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/static/6557.php"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-3435"
},
{
"db": "BID",
"id": "2745"
},
{
"db": "NVD",
"id": "CVE-2001-0621"
},
{
"db": "CNNVD",
"id": "CNNVD-200108-050"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "702bda50-23ce-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-3435"
},
{
"db": "BID",
"id": "2745"
},
{
"db": "NVD",
"id": "CVE-2001-0621"
},
{
"db": "CNNVD",
"id": "CNNVD-200108-050"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2001-08-14T00:00:00",
"db": "IVD",
"id": "702bda50-23ce-11e6-abef-000c29c66e3d"
},
{
"date": "2001-08-14T00:00:00",
"db": "VULHUB",
"id": "VHN-3435"
},
{
"date": "2001-05-17T00:00:00",
"db": "BID",
"id": "2745"
},
{
"date": "2001-08-14T04:00:00",
"db": "NVD",
"id": "CVE-2001-0621"
},
{
"date": "2001-08-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200108-050"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-10-10T00:00:00",
"db": "VULHUB",
"id": "VHN-3435"
},
{
"date": "2001-05-17T00:00:00",
"db": "BID",
"id": "2745"
},
{
"date": "2017-10-10T01:29:48.360000",
"db": "NVD",
"id": "CVE-2001-0621"
},
{
"date": "2005-05-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200108-050"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200108-050"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Content Service switch FTP Access control vulnerability",
"sources": [
{
"db": "IVD",
"id": "702bda50-23ce-11e6-abef-000c29c66e3d"
},
{
"db": "BID",
"id": "2745"
},
{
"db": "CNNVD",
"id": "CNNVD-200108-050"
}
],
"trust": 1.1
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Access verification error",
"sources": [
{
"db": "IVD",
"id": "702bda50-23ce-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-200108-050"
}
],
"trust": 0.8
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…