var-200108-0146
Vulnerability from variot
The web management service on Cisco Content Service series 11000 switches (CSS) before WebNS 4.01B29s or WebNS 4.10B17s allows a remote attacker to gain additional privileges by directly requesting the web management URL instead of navigating through the interface. The Cisco Content Service Switch is an enterprise level web content switch, designed for load balancing and use as a frontend to a redundant web farm. It was previously manufactured by Arrowpoint. A problem with the switch can make it possible for a user to elevated privileges. Due to insufficent authentication checking, a user can bookmark the URL he or she is redirected to, and access the switch via that URL without authenication
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200108-0146",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "content services switch 11000",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "content services switch 11000",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "webns 0b17s",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1"
},
{
"model": "webns 0b13s",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1"
},
{
"model": "webns b19s",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0.1"
},
{
"model": "webns",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0.1"
},
{
"model": "webns 1b29s",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0"
},
{
"model": "webns 1b23s",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "content services switch 11000",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "70228d56-23ce-11e6-abef-000c29c66e3d"
},
{
"db": "BID",
"id": "2806"
},
{
"db": "NVD",
"id": "CVE-2001-0622"
},
{
"db": "CNNVD",
"id": "CNNVD-200108-058"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:content_services_switch_11000:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2001-0622"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "This vulnerability was announced to Bugtraq in a Cisco Security Advisory on May 31, 2001.",
"sources": [
{
"db": "BID",
"id": "2806"
},
{
"db": "CNNVD",
"id": "CNNVD-200108-058"
}
],
"trust": 0.9
},
"cve": "CVE-2001-0622",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "70228d56-23ce-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-3436",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2001-0622",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200108-058",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "70228d56-23ce-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-3436",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "70228d56-23ce-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-3436"
},
{
"db": "NVD",
"id": "CVE-2001-0622"
},
{
"db": "CNNVD",
"id": "CNNVD-200108-058"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The web management service on Cisco Content Service series 11000 switches (CSS) before WebNS 4.01B29s or WebNS 4.10B17s allows a remote attacker to gain additional privileges by directly requesting the web management URL instead of navigating through the interface. The Cisco Content Service Switch is an enterprise level web content switch, designed for load balancing and use as a frontend to a redundant web farm. It was previously manufactured by Arrowpoint. \nA problem with the switch can make it possible for a user to elevated privileges. Due to insufficent authentication checking, a user can bookmark the URL he or she is redirected to, and access the switch via that URL without authenication",
"sources": [
{
"db": "NVD",
"id": "CVE-2001-0622"
},
{
"db": "BID",
"id": "2806"
},
{
"db": "IVD",
"id": "70228d56-23ce-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-3436"
}
],
"trust": 1.44
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "2806",
"trust": 2.0
},
{
"db": "NVD",
"id": "CVE-2001-0622",
"trust": 1.9
},
{
"db": "OSVDB",
"id": "1848",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200108-058",
"trust": 0.9
},
{
"db": "CISCO",
"id": "20010531 CISCO CONTENT SERVICE SWITCH 11000 SERIES WEB MANAGEMENT VULNERABILITY",
"trust": 0.6
},
{
"db": "XF",
"id": "6631",
"trust": 0.6
},
{
"db": "IVD",
"id": "70228D56-23CE-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-3436",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "70228d56-23ce-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-3436"
},
{
"db": "BID",
"id": "2806"
},
{
"db": "NVD",
"id": "CVE-2001-0622"
},
{
"db": "CNNVD",
"id": "CNNVD-200108-058"
}
]
},
"id": "VAR-200108-0146",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "70228d56-23ce-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-3436"
}
],
"trust": 0.03
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "70228d56-23ce-11e6-abef-000c29c66e3d"
}
]
},
"last_update_date": "2023-12-18T13:21:23.083000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2001-0622"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/2806"
},
{
"trust": 1.7,
"url": "http://www.cisco.com/warp/public/707/arrowpoint-webmgmt-vuln-pub.shtml"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/1848"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6631"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/static/6631.php"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-3436"
},
{
"db": "NVD",
"id": "CVE-2001-0622"
},
{
"db": "CNNVD",
"id": "CNNVD-200108-058"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "70228d56-23ce-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-3436"
},
{
"db": "BID",
"id": "2806"
},
{
"db": "NVD",
"id": "CVE-2001-0622"
},
{
"db": "CNNVD",
"id": "CNNVD-200108-058"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2001-08-14T00:00:00",
"db": "IVD",
"id": "70228d56-23ce-11e6-abef-000c29c66e3d"
},
{
"date": "2001-08-14T00:00:00",
"db": "VULHUB",
"id": "VHN-3436"
},
{
"date": "2001-05-31T00:00:00",
"db": "BID",
"id": "2806"
},
{
"date": "2001-08-14T04:00:00",
"db": "NVD",
"id": "CVE-2001-0622"
},
{
"date": "2001-08-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200108-058"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-10-10T00:00:00",
"db": "VULHUB",
"id": "VHN-3436"
},
{
"date": "2001-05-31T00:00:00",
"db": "BID",
"id": "2806"
},
{
"date": "2017-10-10T01:29:48.420000",
"db": "NVD",
"id": "CVE-2001-0622"
},
{
"date": "2005-05-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200108-058"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200108-058"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Content Service Switch Management Authentication Bypass Vulnerability",
"sources": [
{
"db": "IVD",
"id": "70228d56-23ce-11e6-abef-000c29c66e3d"
},
{
"db": "BID",
"id": "2806"
},
{
"db": "CNNVD",
"id": "CNNVD-200108-058"
}
],
"trust": 1.1
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Access verification error",
"sources": [
{
"db": "IVD",
"id": "70228d56-23ce-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-200108-058"
}
],
"trust": 0.8
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.