VAR-200404-0064
Vulnerability from variot - Updated: 2024-02-13 23:03

Samsung SmartEther SS6215S switch, and possibly other Samsung switches, allows remote attackers and local users to gain administrative access by providing the admin username followed by a password that is the maximum allowed length, then pressing the enter key after the resulting error message. When accessing a Samsung SmartEther switch via the telnet service or serial connection, authentication is required and the user is presented with a logon screen. It has been reported that it is possible to bypass this authentication procedure. An attacker may potentially exploit this condition to, for example, modify static MAC address mapping and perhaps enable man-in-the-middle style attacks. Other attacks are certainly possible. Samsung SmartEther SS6215S is a network switch. When connecting to a Samsung SmartEther switch, if the user name "admin" is entered and the password field is filled to its maximum length (until no further characters can be entered), then pressing Enter produces a password-mismatch message but still grants access to the system.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200404-0064",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "smartether ss6215s switch",
"scope": "eq",
"trust": 1.0,
"vendor": "securecomputing",
"version": "*"
},
{
"model": "smartether ss6215s switch",
"scope": null,
"trust": 0.6,
"vendor": "securecomputing",
"version": null
},
{
"model": "smartether ss6215s switch",
"scope": null,
"trust": 0.3,
"vendor": "samsung",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "10219"
},
{
"db": "CNNVD",
"id": "CNNVD-200404-089"
},
{
"db": "NVD",
"id": "CVE-2004-1970"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:securecomputing:smartether_ss6215s_switch:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-1970"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kyle Duren\u203b acidrain_ask@pixitha.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200404-089"
}
],
"trust": 0.6
},
"cve": "CVE-2004-1970",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-10398",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2004-1970",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2004-1970",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200404-089",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-10398",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2004-1970",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-10398"
},
{
"db": "VULMON",
"id": "CVE-2004-1970"
},
{
"db": "CNNVD",
"id": "CNNVD-200404-089"
},
{
"db": "NVD",
"id": "CVE-2004-1970"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Samsung SmartEther SS6215S switch, and possibly other Samsung switches, allows remote attackers and local users to gain administrative access by providing the admin username followed by a password that is the maximum allowed length, then pressing the enter key after the resulting error message. When accessing a Samsung SmartEther switch via the telnet service or serial connection, authentication is required and the user is presented with a logon screen. It has been reported that it is possible to bypass this authentication procedure. \nAn attacker may potentially exploit this condition to, for example, modify static MAC address mapping and perhaps enable man-in-the-middle style attacks. Other attacks are certainly possible. Samsung SmartEther SS6215S is a network switch. When connecting to a Samsung SmartEther switch, if the user name \"admin\" is entered and the password field is filled to its maximum length (until no further characters can be entered), then pressing Enter produces a password-mismatch message but still grants access to the system.",
"sources": [
{
"db": "NVD",
"id": "CVE-2004-1970"
},
{
"db": "BID",
"id": "10219"
},
{
"db": "VULHUB",
"id": "VHN-10398"
},
{
"db": "VULMON",
"id": "CVE-2004-1970"
}
],
"trust": 1.35
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "10219",
"trust": 2.1
},
{
"db": "NVD",
"id": "CVE-2004-1970",
"trust": 1.8
},
{
"db": "CNNVD",
"id": "CNNVD-200404-089",
"trust": 0.7
},
{
"db": "XF",
"id": "15973",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20040426 SAMSUNG SMARTETHER SS6215S SWITCH",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-10398",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2004-1970",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-10398"
},
{
"db": "VULMON",
"id": "CVE-2004-1970"
},
{
"db": "BID",
"id": "10219"
},
{
"db": "CNNVD",
"id": "CNNVD-200404-089"
},
{
"db": "NVD",
"id": "CVE-2004-1970"
}
]
},
"id": "VAR-200404-0064",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-10398"
}
],
"trust": 0.01
},
"last_update_date": "2024-02-13T23:03:55.143000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-1970"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/10219"
},
{
"trust": 1.2,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15973"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=108300407424571\u0026w=2"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/15973"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=108300407424571\u0026w=2"
},
{
"trust": 0.3,
"url": "/archive/1/361448"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=108300407424571\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-10398"
},
{
"db": "VULMON",
"id": "CVE-2004-1970"
},
{
"db": "BID",
"id": "10219"
},
{
"db": "CNNVD",
"id": "CNNVD-200404-089"
},
{
"db": "NVD",
"id": "CVE-2004-1970"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-10398"
},
{
"db": "VULMON",
"id": "CVE-2004-1970"
},
{
"db": "BID",
"id": "10219"
},
{
"db": "CNNVD",
"id": "CNNVD-200404-089"
},
{
"db": "NVD",
"id": "CVE-2004-1970"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-04-26T00:00:00",
"db": "VULHUB",
"id": "VHN-10398"
},
{
"date": "2004-04-26T00:00:00",
"db": "VULMON",
"id": "CVE-2004-1970"
},
{
"date": "2004-04-26T00:00:00",
"db": "BID",
"id": "10219"
},
{
"date": "2004-04-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200404-089"
},
{
"date": "2004-04-26T04:00:00",
"db": "NVD",
"id": "CVE-2004-1970"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-11T00:00:00",
"db": "VULHUB",
"id": "VHN-10398"
},
{
"date": "2017-07-11T00:00:00",
"db": "VULMON",
"id": "CVE-2004-1970"
},
{
"date": "2004-04-26T00:00:00",
"db": "BID",
"id": "10219"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200404-089"
},
{
"date": "2017-07-11T01:31:30.793000",
"db": "NVD",
"id": "CVE-2004-1970"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200404-089"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Samsung SmartEther Switch Firmware Authentication Bypass Vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200404-089"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200404-089"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.