Details of VAR-200112-0165

ID

VAR-200112-0165

CVE

CVE-2001-1210

TITLE

Cisco Cable Access Router MIB Community Default password vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200112-146

DESCRIPTION

Cisco ubr900 series routers that conform to the Data-over-Cable Service Interface Specifications (DOCSIS) standard must ship without SNMP access restrictions, which can allow remote attackers to read and write information to the MIB using arbitrary community strings. The ubr900 series routers are a Cable Access solution manufactured and maintained by Cisco Systems. They are designed to route traffic over cable networks. The MIB supports default community strings xyzzy, agent_steal, freekevin, and fubar. This problem has been confirmed in models ubr920, ubr924, and ubr925

Trust: 1.26

sources: NVD: CVE-2001-1210 // BID: 3758 // VULHUB: VHN-4015

AFFECTED PRODUCTS

vendor:	cisco	model:	ubr920	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	ubr925	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	ubr924	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	ubr925	scope:	-	version:	-	Trust: 0.9
vendor:	cisco	model:	ubr924	scope:	-	version:	-	Trust: 0.9
vendor:	cisco	model:	ubr920	scope:	-	version:	-	Trust: 0.9

sources: BID: 3758 // CNNVD: CNNVD-200112-146 // NVD: CVE-2001-1210

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2001-1210
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200112-146
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-4015
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2001-1210
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-4015
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-4015 // CNNVD: CNNVD-200112-146 // NVD: CVE-2001-1210

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2001-1210

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200112-146

TYPE

Design Error

Trust: 0.9

sources: BID: 3758 // CNNVD: CNNVD-200112-146

EXTERNAL IDS

db:	BID	id:	3758	Trust: 2.0
db:	NVD	id:	CVE-2001-1210	Trust: 2.0
db:	CNNVD	id:	CNNVD-200112-146	Trust: 0.7
db:	VULNWATCH	id:	20020103 SECURITY PROBLEM IN CISCO UBR900 SERIES ROUTERS	Trust: 0.6
db:	BUGTRAQ	id:	20011230 POSSIBLE SECURITY PROBLEM WITH CISCO UBR900 SERIES ROUTERS	Trust: 0.6
db:	XF	id:	7806	Trust: 0.6
db:	VULHUB	id:	VHN-4015	Trust: 0.1

sources: VULHUB: VHN-4015 // BID: 3758 // CNNVD: CNNVD-200112-146 // NVD: CVE-2001-1210

REFERENCES

url:	http://www.securityfocus.com/bid/3758	Trust: 1.7
url:	http://archives.neohapsis.com/archives/bugtraq/2001-12/0297.html	Trust: 1.7
url:	http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0002.html	Trust: 1.7
url:	http://www.iss.net/security_center/static/7806.php	Trust: 1.7
url:	http://www.cisco.com/univercd/cc/td/doc/product/cable/cab_modm/ubr925/hig925/index.htm	Trust: 0.3
url:	ftp://ftp.isi.edu/in-notes/rfc2669.txt	Trust: 0.3

sources: VULHUB: VHN-4015 // BID: 3758 // CNNVD: CNNVD-200112-146 // NVD: CVE-2001-1210

CREDITS

This vulnerability was announced by <secureks2002@yahoo.com> via the Bugtraq Mailing list on December 30, 2001.

Trust: 0.9

sources: BID: 3758 // CNNVD: CNNVD-200112-146

SOURCES

db:	VULHUB	id:	VHN-4015
db:	BID	id:	3758
db:	CNNVD	id:	CNNVD-200112-146
db:	NVD	id:	CVE-2001-1210

LAST UPDATE DATE

2025-04-03T22:38:27.877000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-4015	date:	2008-09-10T00:00:00
db:	BID	id:	3758	date:	2009-07-11T09:56:00
db:	CNNVD	id:	CNNVD-200112-146	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2001-1210	date:	2025-04-03T01:03:51.193

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-4015	date:	2001-12-30T00:00:00
db:	BID	id:	3758	date:	2001-12-31T00:00:00
db:	CNNVD	id:	CNNVD-200112-146	date:	2001-12-30T00:00:00
db:	NVD	id:	CVE-2001-1210	date:	2001-12-30T05:00:00