VAR-200612-0415
Vulnerability from variot - Updated: 2023-12-18 12:23The Allied Telesis AT-9000/24 Ethernet switch accepts management packets from arbitrary VLANs, contrary to the documentation, which allows remote attackers to conduct attacks against the switch from unexpected locations. Allied Telesis AT-9000/24 switches are prone to an unauthorized-management-VLAN-access vulnerability. Exploiting this issue allows attackers with access to any port on affected switches to access the management VLAN. This may aid them in further attacks. Allied Telesis AT-9000/24 is a 24-port Gigabit switch made by Allied Telesis in the United States. Allied Telesis AT-9000/24 has loopholes in the managed access control, and attackers may gain unauthorized access to the device. Under normal circumstances, the remote management (SNMP, TELNET, HTTP) of the switch should only be performed through the management VLAN. The only management VLAN option for the AT-9000/24 is Default VLAN. However, if the switch is configured to contain multiple VLANs instead of just the Default VLAN, it can be managed from all of these VLANs.
Secunia is proud to announce the availability of the Secunia Software Inspector.
The Secunia Software Inspector is a free service that detects insecure versions of software that you may have installed in your system. When insecure versions are detected, the Secunia Software Inspector also provides thorough guidelines for updating the software to the latest secure version from the vendor.
Try it out online: http://secunia.com/software_inspector/
TITLE: Simple Web Content Management System "id" SQL Injection
SECUNIA ADVISORY ID: SA23590
VERIFY ADVISORY: http://secunia.com/advisories/23590/
CRITICAL: Moderately critical
IMPACT: Manipulation of data, Exposure of system information, Exposure of sensitive information
WHERE:
From remote
SOFTWARE: Simple Web Content Management System http://secunia.com/product/13142/
DESCRIPTION: DarkFig has discovered a vulnerability in Simple Web Content Management System, which can be exploited by malicious people to conduct SQL injection attacks.
Input passed to the "id" parameter in page.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
Successful exploitation allows retrieval of arbitrary files from the database server.
SOLUTION: Edit the source code to ensure that input is properly sanitised.
PROVIDED AND/OR DISCOVERED BY: DarkFig
ORIGINAL ADVISORY: http://acid-root.new.fr/poc/18070102.txt
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200612-0415",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "at-9000 24 ethernetswitch",
"scope": "eq",
"trust": 1.0,
"vendor": "alliedtelesyn",
"version": "*"
},
{
"model": "at-9000 24 ethernetswitch",
"scope": null,
"trust": 0.8,
"vendor": "allied telesis",
"version": null
},
{
"model": "at-9000 24 ethernetswitch",
"scope": null,
"trust": 0.6,
"vendor": "alliedtelesyn",
"version": null
},
{
"model": "at-9000/24",
"scope": "eq",
"trust": 0.3,
"vendor": "allied telesis",
"version": "0"
}
],
"sources": [
{
"db": "BID",
"id": "21628"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001793"
},
{
"db": "NVD",
"id": "CVE-2006-6717"
},
{
"db": "CNNVD",
"id": "CNNVD-200612-502"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:alliedtelesyn:at-9000_24_ethernetswitch:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-6717"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Pasi Sj\u0026ouml;holm ptsjohol@cc.jyu.fi",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200612-502"
}
],
"trust": 0.6
},
"cve": "CVE-2006-6717",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2006-6717",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-22825",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2006-6717",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200612-502",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-22825",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-22825"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001793"
},
{
"db": "NVD",
"id": "CVE-2006-6717"
},
{
"db": "CNNVD",
"id": "CNNVD-200612-502"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Allied Telesis AT-9000/24 Ethernet switch accepts management packets from arbitrary VLANs, contrary to the documentation, which allows remote attackers to conduct attacks against the switch from unexpected locations. Allied Telesis AT-9000/24 switches are prone to an unauthorized-management-VLAN-access vulnerability. \nExploiting this issue allows attackers with access to any port on affected switches to access the management VLAN. This may aid them in further attacks. Allied Telesis AT-9000/24 \u200b\u200bis a 24-port Gigabit switch made by Allied Telesis in the United States. Allied Telesis AT-9000/24 \u200b\u200bhas loopholes in the managed access control, and attackers may gain unauthorized access to the device. Under normal circumstances, the remote management (SNMP, TELNET, HTTP) of the switch should only be performed through the management VLAN. The only management VLAN option for the AT-9000/24 \u200b\u200bis Default VLAN. However, if the switch is configured to contain multiple VLANs instead of just the Default VLAN, it can be managed from all of these VLANs. \n\n----------------------------------------------------------------------\n\nSecunia is proud to announce the availability of the Secunia Software\nInspector. \n\nThe Secunia Software Inspector is a free service that detects insecure\nversions of software that you may have installed in your system. When\ninsecure versions are detected, the Secunia Software Inspector also\nprovides thorough guidelines for updating the software to the latest\nsecure version from the vendor. \n\nTry it out online:\nhttp://secunia.com/software_inspector/\n\n----------------------------------------------------------------------\n\nTITLE:\nSimple Web Content Management System \"id\" SQL Injection\n\nSECUNIA ADVISORY ID:\nSA23590\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/23590/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nManipulation of data, Exposure of system information, Exposure of\nsensitive information\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nSimple Web Content Management System\nhttp://secunia.com/product/13142/\n\nDESCRIPTION:\nDarkFig has discovered a vulnerability in Simple Web Content\nManagement System, which can be exploited by malicious people to\nconduct SQL injection attacks. \n\nInput passed to the \"id\" parameter in page.php is not properly\nsanitised before being used in SQL queries. This can be exploited to\nmanipulate SQL queries by injecting arbitrary SQL code. \n\nSuccessful exploitation allows retrieval of arbitrary files from the\ndatabase server. \n\nSOLUTION:\nEdit the source code to ensure that input is properly sanitised. \n\nPROVIDED AND/OR DISCOVERED BY:\nDarkFig\n\nORIGINAL ADVISORY:\nhttp://acid-root.new.fr/poc/18070102.txt\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-6717"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001793"
},
{
"db": "BID",
"id": "21628"
},
{
"db": "VULHUB",
"id": "VHN-22825"
},
{
"db": "PACKETSTORM",
"id": "53423"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2006-6717",
"trust": 2.5
},
{
"db": "BID",
"id": "21628",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "23590",
"trust": 1.8
},
{
"db": "SECUNIA",
"id": "23451",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001793",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200612-502",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20061216 ALLIED TELESIS AT-9000/24 ETHERNET SWITCH MANAGEMENT CAN BE ACCESSED FROM ALL VLANS.",
"trust": 0.6
},
{
"db": "XF",
"id": "30924",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-22825",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "53423",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-22825"
},
{
"db": "BID",
"id": "21628"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001793"
},
{
"db": "PACKETSTORM",
"id": "53423"
},
{
"db": "NVD",
"id": "CVE-2006-6717"
},
{
"db": "CNNVD",
"id": "CNNVD-200612-502"
}
]
},
"id": "VAR-200612-0415",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-22825"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:23:41.247000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.alliedtelesis.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-001793"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-6717"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/21628"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/23451"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/23590"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/454630/100/0/threaded"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30924"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-6717"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-6717"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/30924"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/454630/100/0/threaded"
},
{
"trust": 0.3,
"url": "http://www.alliedtelesyn.com/products/details.aspx?604"
},
{
"trust": 0.3,
"url": "/archive/1/454630"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/software_inspector/"
},
{
"trust": 0.1,
"url": "http://acid-root.new.fr/poc/18070102.txt"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/23590/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/13142/"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-22825"
},
{
"db": "BID",
"id": "21628"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001793"
},
{
"db": "PACKETSTORM",
"id": "53423"
},
{
"db": "NVD",
"id": "CVE-2006-6717"
},
{
"db": "CNNVD",
"id": "CNNVD-200612-502"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-22825"
},
{
"db": "BID",
"id": "21628"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001793"
},
{
"db": "PACKETSTORM",
"id": "53423"
},
{
"db": "NVD",
"id": "CVE-2006-6717"
},
{
"db": "CNNVD",
"id": "CNNVD-200612-502"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-12-23T00:00:00",
"db": "VULHUB",
"id": "VHN-22825"
},
{
"date": "2006-12-16T00:00:00",
"db": "BID",
"id": "21628"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-001793"
},
{
"date": "2007-01-04T17:16:54",
"db": "PACKETSTORM",
"id": "53423"
},
{
"date": "2006-12-23T11:28:00",
"db": "NVD",
"id": "CVE-2006-6717"
},
{
"date": "2006-12-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200612-502"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-17T00:00:00",
"db": "VULHUB",
"id": "VHN-22825"
},
{
"date": "2006-12-18T17:33:00",
"db": "BID",
"id": "21628"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-001793"
},
{
"date": "2018-10-17T21:49:28.943000",
"db": "NVD",
"id": "CVE-2006-6717"
},
{
"date": "2007-01-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200612-502"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200612-502"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Allied Telesis AT-9000/24 Ethernet Vulnerability in an attack from an unexpected location on the switch",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-001793"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access verification error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200612-502"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…