VAR-200212-0002
Vulnerability from variot - Updated: 2023-12-18 13:41Alcatel OmniSwitch 7700/7800 switches running AOS 5.1.1 contains a back door telnet server that was intended for development but not removed before distribution, which allows remote attackers to gain administrative privileges. This gives anyone access to the OmniSwitch's Vx-Works operating system without requiring a password. Alcatel Operating System (AOS) version 5.1.1 Works Alcatel OmniSwitch 7700/7800 The switch was used during development telnet Port for server (6778/TCP) Is ready for continuous use. this telnet By using the service, you do not need a password, OmniSwitch of Vx-Works operating system Can be accessed.A third party could remotely gain control of the vulnerable device. As a result, unauthorized access, unauthorized monitoring, information leakage, denial of service (denial-of-service, DoS) It may be accompanied by dangers such as attacks. OmniSwitch 7700/7800 LAN switch runs Alcatel Operating System (AOS) operating system. This service is used to access the Wind River Vx-Works operating system during the development phase, but before the product is released No removal. Attackers can use this service to control the entire system. It is distributed and maintained by Alcatel. It has been discovered that an unintended back door is built into some releases of AOS
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200212-0002",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "aos",
"scope": "eq",
"trust": 1.6,
"vendor": "alcatel",
"version": "5.1.1"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "alcatel",
"version": null
},
{
"model": "alcatel-lucent operating system",
"scope": "eq",
"trust": 0.8,
"vendor": "alcatel lucent",
"version": "5.1.1"
},
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "none",
"version": null
},
{
"model": "aos",
"scope": "eq",
"trust": 0.3,
"vendor": "alcatel lucent",
"version": "5.1.1"
},
{
"model": "aos .r03",
"scope": "ne",
"trust": 0.3,
"vendor": "alcatel lucent",
"version": "5.1.1"
},
{
"model": "aos .r02",
"scope": "ne",
"trust": 0.3,
"vendor": "alcatel lucent",
"version": "5.1.1"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#181721"
},
{
"db": "CNVD",
"id": "CNVD-2002-4084"
},
{
"db": "BID",
"id": "6220"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000355"
},
{
"db": "NVD",
"id": "CVE-2002-1272"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-022"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:alcatel:aos:5.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-1272"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "David Mirza Ahmad\u203b da@securityfocus.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200212-022"
}
],
"trust": 0.6
},
"cve": "CVE-2002-1272",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2002-1272",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2002-1272",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#181721",
"trust": 0.8,
"value": "49.50"
},
{
"author": "CNNVD",
"id": "CNNVD-200212-022",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2002-1272",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#181721"
},
{
"db": "VULMON",
"id": "CVE-2002-1272"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000355"
},
{
"db": "NVD",
"id": "CVE-2002-1272"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-022"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Alcatel OmniSwitch 7700/7800 switches running AOS 5.1.1 contains a back door telnet server that was intended for development but not removed before distribution, which allows remote attackers to gain administrative privileges. This gives anyone access to the OmniSwitch\u0027s Vx-Works operating system without requiring a password. Alcatel Operating System (AOS) version 5.1.1 Works Alcatel OmniSwitch 7700/7800 The switch was used during development telnet Port for server (6778/TCP) Is ready for continuous use. this telnet By using the service, you do not need a password, OmniSwitch of Vx-Works operating system Can be accessed.A third party could remotely gain control of the vulnerable device. As a result, unauthorized access, unauthorized monitoring, information leakage, denial of service (denial-of-service, DoS) It may be accompanied by dangers such as attacks. OmniSwitch 7700/7800 LAN switch runs Alcatel Operating System (AOS) operating system. This service is used to access the Wind River Vx-Works operating system during the development phase, but before the product is released No removal. Attackers can use this service to control the entire system. It is distributed and maintained by Alcatel. \nIt has been discovered that an unintended back door is built into some releases of AOS",
"sources": [
{
"db": "NVD",
"id": "CVE-2002-1272"
},
{
"db": "CERT/CC",
"id": "VU#181721"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000355"
},
{
"db": "CNVD",
"id": "CNVD-2002-4084"
},
{
"db": "BID",
"id": "6220"
},
{
"db": "VULMON",
"id": "CVE-2002-1272"
}
],
"trust": 3.24
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2002-1272",
"trust": 3.4
},
{
"db": "CERT/CC",
"id": "VU#181721",
"trust": 3.3
},
{
"db": "BID",
"id": "6220",
"trust": 2.0
},
{
"db": "XF",
"id": "10664",
"trust": 1.4
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000355",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2002-4084",
"trust": 0.6
},
{
"db": "CERT/CC",
"id": "CA-2002-32",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200212-022",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2002-1272",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#181721"
},
{
"db": "CNVD",
"id": "CNVD-2002-4084"
},
{
"db": "VULMON",
"id": "CVE-2002-1272"
},
{
"db": "BID",
"id": "6220"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000355"
},
{
"db": "NVD",
"id": "CVE-2002-1272"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-022"
}
]
},
"id": "VAR-200212-0002",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2002-4084"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2002-4084"
}
]
},
"last_update_date": "2023-12-18T13:41:03.679000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-1272"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://www.kb.cert.org/vuls/id/181721"
},
{
"trust": 2.0,
"url": "http://www.cert.org/advisories/ca-2002-32.html"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/6220"
},
{
"trust": 1.4,
"url": "http://xforce.iss.net/xforce/xfdb/10664"
},
{
"trust": 1.1,
"url": "http://www.alcatel.com/support"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10664"
},
{
"trust": 0.8,
"url": "http://www.ind.alcatel.com/nextgen/omniswitch_7000_brief.pdf"
},
{
"trust": 0.8,
"url": "http://www.ind.alcatel.com/specs/index.cfm?cnt=7000"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2002-1272"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vn/jvnca-2002-32/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2002-1272"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#181721"
},
{
"db": "VULMON",
"id": "CVE-2002-1272"
},
{
"db": "BID",
"id": "6220"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000355"
},
{
"db": "NVD",
"id": "CVE-2002-1272"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-022"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#181721"
},
{
"db": "CNVD",
"id": "CNVD-2002-4084"
},
{
"db": "VULMON",
"id": "CVE-2002-1272"
},
{
"db": "BID",
"id": "6220"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000355"
},
{
"db": "NVD",
"id": "CVE-2002-1272"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-022"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-11-20T00:00:00",
"db": "CERT/CC",
"id": "VU#181721"
},
{
"date": "2002-11-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2002-4084"
},
{
"date": "2002-12-11T00:00:00",
"db": "VULMON",
"id": "CVE-2002-1272"
},
{
"date": "2002-11-21T00:00:00",
"db": "BID",
"id": "6220"
},
{
"date": "2009-04-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2002-000355"
},
{
"date": "2002-12-11T05:00:00",
"db": "NVD",
"id": "CVE-2002-1272"
},
{
"date": "2002-11-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200212-022"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-11-21T00:00:00",
"db": "CERT/CC",
"id": "VU#181721"
},
{
"date": "2020-03-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2002-4084"
},
{
"date": "2017-10-10T00:00:00",
"db": "VULMON",
"id": "CVE-2002-1272"
},
{
"date": "2009-07-11T19:16:00",
"db": "BID",
"id": "6220"
},
{
"date": "2009-04-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2002-000355"
},
{
"date": "2017-10-10T01:30:10.453000",
"db": "NVD",
"id": "CVE-2002-1272"
},
{
"date": "2005-05-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200212-022"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200212-022"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Alcatel Operating System (AOS) does not require a password for accessing the telnet server",
"sources": [
{
"db": "CERT/CC",
"id": "VU#181721"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "6220"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-022"
}
],
"trust": 0.9
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…