Details of VAR-200112-0223

ID

VAR-200112-0223

CVE

CVE-2001-1484

TITLE

Alcatel ADSL modems grant unauthenticated TFTP access via Bounce Attacks

Trust: 0.8

sources: CERT/CC: VU#211736

DESCRIPTION

Alcatel ADSL modems allow remote attackers to access the Trivial File Transfer Protocol (TFTP) to modify firmware and configuration via a bounce attack from a system on the local area network (LAN) side, which is allowed to access TFTP without authentication. The San Diego Supercomputer Center (SDSC) has recently discovered several vulnerabilities in the Alcatel Speed Touch line of Asymmetric Digital Subscriber Line (ADSL) modems. These vulnerabilities are the result of weak authentication and access control policies and result in one or more of the following impacts: unauthorized access, unauthorized monitoring, information leakage, denial of service, and permanent disability of affected devices.The SDSC has published additional information regarding these vulnerabilities at http://security.sdsc.edu/self-help/alcatel/. The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service. Due to a problem parsing carriage return/line feeds in RFC822 format mail messages, The Bat! mail client may permaturely detect the end of a mail message, causing an error to occur. This error may prevent the mail user from retrieving other mail messages until the message with the error is removed. Adsl Modem 1000 is prone to a remote security vulnerability. Lotus Domino R5 prior to version 5.0.7 are subject to a DoS. A remotely submitted GET request composed of an arbitrary string of unicode characters, will cause the server to stop responding and possibly other applications depending on it. Rebooting the server is required in order to gain normal functionality. Alcatel ADSL modems are vulnerable. The vulnerability allows unauthenticated access to TFTP

Trust: 5.13

sources: NVD: CVE-2001-1484 // CERT/CC: VU#211736 // CERT/CC: VU#676552 // CERT/CC: VU#642760 // CERT/CC: VU#555464 // CERT/CC: VU#310816 // BID: 89747 // BID: 2571 // VULHUB: VHN-4288

AFFECTED PRODUCTS

vendor:	lotus	model:	-	scope:	-	version:	-	Trust: 2.4
vendor:	alcatel	model:	speed touch adsl modem	scope:	eq	version:	home	Trust: 1.6
vendor:	alcatel	model:	adsl modem 1000	scope:	eq	version:	*	Trust: 1.0
vendor:	alcatel	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	rit	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	alcatel	model:	adsl modem 1000	scope:	-	version:	-	Trust: 0.6
vendor:	alcatel	model:	speed touch adsl modem home	scope:	-	version:	-	Trust: 0.3
vendor:	lotus	model:	domino	scope:	eq	version:	5.0.6	Trust: 0.3
vendor:	lotus	model:	domino	scope:	eq	version:	5.0.5	Trust: 0.3
vendor:	lotus	model:	domino	scope:	eq	version:	5.0.4	Trust: 0.3
vendor:	lotus	model:	domino	scope:	eq	version:	5.0.3	Trust: 0.3
vendor:	lotus	model:	domino	scope:	eq	version:	5.0.2	Trust: 0.3
vendor:	lotus	model:	domino	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	lotus	model:	domino	scope:	ne	version:	5.0.7	Trust: 0.3

sources: CERT/CC: VU#211736 // CERT/CC: VU#676552 // CERT/CC: VU#642760 // CERT/CC: VU#555464 // CERT/CC: VU#310816 // BID: 89747 // BID: 2571 // CNNVD: CNNVD-200112-195 // NVD: CVE-2001-1484

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2001-1484
value:	HIGH
Trust: 1.0
CARNEGIE MELLON:	VU#211736
value:	27.56
Trust: 0.8
CARNEGIE MELLON:	VU#676552
value:	10.50
Trust: 0.8
CARNEGIE MELLON:	VU#642760
value:	10.50
Trust: 0.8
CARNEGIE MELLON:	VU#555464
value:	4.25
Trust: 0.8
CARNEGIE MELLON:	VU#310816
value:	1.62
Trust: 0.8
CNNVD:	CNNVD-200112-195
value:	HIGH
Trust: 0.6
VULHUB:	VHN-4288
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2001-1484
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-4288
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#211736 // CERT/CC: VU#676552 // CERT/CC: VU#642760 // CERT/CC: VU#555464 // CERT/CC: VU#310816 // VULHUB: VHN-4288 // CNNVD: CNNVD-200112-195 // NVD: CVE-2001-1484

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2001-1484

THREAT TYPE

network

Trust: 0.6

sources: BID: 89747 // BID: 2571

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200112-195

EXTERNAL IDS

db:	CERT/CC	id:	VU#211736	Trust: 2.8
db:	NVD	id:	CVE-2001-1484	Trust: 2.0
db:	BID	id:	2571	Trust: 1.1
db:	XF	id:	6336	Trust: 0.9
db:	XF	id:	6349	Trust: 0.8
db:	CERT/CC	id:	VU#676552	Trust: 0.8
db:	BID	id:	2598	Trust: 0.8
db:	XF	id:	6351	Trust: 0.8
db:	CERT/CC	id:	VU#642760	Trust: 0.8
db:	BID	id:	2599	Trust: 0.8
db:	XF	id:	6350	Trust: 0.8
db:	CERT/CC	id:	VU#555464	Trust: 0.8
db:	XF	id:	6423	Trust: 0.8
db:	BID	id:	2636	Trust: 0.8
db:	CERT/CC	id:	VU#310816	Trust: 0.8
db:	CNNVD	id:	CNNVD-200112-195	Trust: 0.7
db:	CERT/CC	id:	CA-2001-08	Trust: 0.6
db:	BID	id:	89747	Trust: 0.4
db:	VULHUB	id:	VHN-4288	Trust: 0.1

sources: CERT/CC: VU#211736 // CERT/CC: VU#676552 // CERT/CC: VU#642760 // CERT/CC: VU#555464 // CERT/CC: VU#310816 // VULHUB: VHN-4288 // BID: 89747 // BID: 2571 // CNNVD: CNNVD-200112-195 // NVD: CVE-2001-1484

REFERENCES

url:	http://www.securityfocus.com/advisories/3208	Trust: 2.4
url:	http://www.cert.org/advisories/ca-2001-08.html	Trust: 2.0
url:	http://www.kb.cert.org/vuls/id/211736	Trust: 2.0
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/6336	Trust: 1.1
url:	http://xforce.iss.net/xforce/xfdb/6336	Trust: 0.9
url:	http://security.sdsc.edu/self-help/alcatel/	Trust: 0.8
url:	http://www.alcatel.com/consumer/dsl/security.htm	Trust: 0.8
url:	http://www.securityfocus.com/bid/2571	Trust: 0.8
url:	http://xforce.iss.net/static/6349.php	Trust: 0.8
url:	http://www.securityfocus.com/bid/2598	Trust: 0.8
url:	http://xforce.iss.net/static/6351.php	Trust: 0.8
url:	http://www.notes.net/r5fixlist.nsf/a8f0ffda1fc76c8985256752006aba6c?openview&start=3.111&count=30&expand=3.126#3.126	Trust: 0.8
url:	http://www.securityfocus.com/bid/2599	Trust: 0.8
url:	http://xforce.iss.net/static/6350.php	Trust: 0.8
url:	http://www.notes.net/r5fixlist.nsf/a8f0ffda1fc76c8985256752006aba6c/59719a1dd92c03e385256a4d0073766b?opendocument	Trust: 0.8
url:	http://www.securityfocus.com/bid/2636	Trust: 0.8
url:	http://www.ritlabs.com/the_bat/index.html	Trust: 0.8
url:	http://www.security.nnov.ru/search/news.asp?binid=1136	Trust: 0.8
url:	http://xforce.iss.net/static/6423.php	Trust: 0.8
url:	http://www.lotus.com/home.nsf/welcome/domino	Trust: 0.3

CREDITS

Unknown

Trust: 0.3

sources: BID: 89747

SOURCES

db:	CERT/CC	id:	VU#211736
db:	CERT/CC	id:	VU#676552
db:	CERT/CC	id:	VU#642760
db:	CERT/CC	id:	VU#555464
db:	CERT/CC	id:	VU#310816
db:	VULHUB	id:	VHN-4288
db:	BID	id:	89747
db:	BID	id:	2571
db:	CNNVD	id:	CNNVD-200112-195
db:	NVD	id:	CVE-2001-1484

LAST UPDATE DATE

2025-09-30T01:56:35.979000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#211736	date:	2001-04-11T00:00:00
db:	CERT/CC	id:	VU#676552	date:	2001-07-26T00:00:00
db:	CERT/CC	id:	VU#642760	date:	2001-07-17T00:00:00
db:	CERT/CC	id:	VU#555464	date:	2001-07-17T00:00:00
db:	CERT/CC	id:	VU#310816	date:	2001-08-30T00:00:00
db:	VULHUB	id:	VHN-4288	date:	2017-07-11T00:00:00
db:	BID	id:	89747	date:	2001-12-31T00:00:00
db:	BID	id:	2571	date:	2001-04-11T00:00:00
db:	CNNVD	id:	CNNVD-200112-195	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2001-1484	date:	2025-04-03T01:03:51.193

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#211736	date:	2001-04-10T00:00:00
db:	CERT/CC	id:	VU#676552	date:	2001-07-23T00:00:00
db:	CERT/CC	id:	VU#642760	date:	2001-07-12T00:00:00
db:	CERT/CC	id:	VU#555464	date:	2001-07-12T00:00:00
db:	CERT/CC	id:	VU#310816	date:	2001-06-01T00:00:00
db:	VULHUB	id:	VHN-4288	date:	2001-12-31T00:00:00
db:	BID	id:	89747	date:	2001-12-31T00:00:00
db:	BID	id:	2571	date:	2001-04-11T00:00:00
db:	CNNVD	id:	CNNVD-200112-195	date:	2001-12-31T00:00:00
db:	NVD	id:	CVE-2001-1484	date:	2001-12-31T05:00:00