Details of VAR-200207-0084

ID

VAR-200207-0084

CVE

CVE-2002-0540

TITLE

Nortel Networks CVX 1800 discloses privileged information

Trust: 0.8

sources: CERT/CC: VU#403315

DESCRIPTION

Nortel CVX 1800 is installed with a default "public" community string, which allows remote attackers to read usernames and passwords and modify the CVX configuration. The Nortel Networks CVX 1800 Multi-Service Access Switch discloses privileged information. The device contains a default SNMP community string of "public", which may allow enable a remote attacker to gain access to sensitive information such as authentication credentials for local accounts on the device, network infrastructure info, etc. The Nortel CVX 1800 multi-service access gateway device has a default SNMP communication password \"public\". Remote attackers can use this password to obtain system sensitive information such as passwords and network structure. According to the test, the attacker can obtain the username and password information for accessing the Telnet service. An attacker can use the route command or view gateway to obtain the IP address of the Nortel CVX 1800 multi-service access gateway

Trust: 1.98

sources: NVD: CVE-2002-0540 // CERT/CC: VU#403315 // BID: 4507 // VULHUB: VHN-4932

AFFECTED PRODUCTS

vendor:	nortel	model:	cvx 1800 multi-service access switch	scope:	eq	version:	3.6.3	Trust: 1.6
vendor:	nortel	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	nortel	model:	networks cvx multiservice access switch p5	scope:	eq	version:	18003.6.3	Trust: 0.3
vendor:	nortel	model:	networks cvx multiservice access switch p25	scope:	eq	version:	18003.6.3	Trust: 0.3
vendor:	nortel	model:	networks cvx multiservice access switch p24	scope:	eq	version:	18003.6.3	Trust: 0.3

sources: CERT/CC: VU#403315 // BID: 4507 // CNNVD: CNNVD-200207-060 // NVD: CVE-2002-0540

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2002-0540
value:	HIGH
Trust: 1.0
CARNEGIE MELLON:	VU#403315
value:	22.50
Trust: 0.8
CNNVD:	CNNVD-200207-060
value:	HIGH
Trust: 0.6
VULHUB:	VHN-4932
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2002-0540
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-4932
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#403315 // VULHUB: VHN-4932 // CNNVD: CNNVD-200207-060 // NVD: CVE-2002-0540

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-0540

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200207-060

TYPE

Design Error

Trust: 0.9

sources: BID: 4507 // CNNVD: CNNVD-200207-060

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-4932

EXTERNAL IDS

db:	BID	id:	4507	Trust: 2.8
db:	CERT/CC	id:	VU#403315	Trust: 2.5
db:	NVD	id:	CVE-2002-0540	Trust: 2.0
db:	CNNVD	id:	CNNVD-200207-060	Trust: 0.7
db:	BUGTRAQ	id:	20020413 NORTEL CVX 1800S WILL DUMP ALL LOCAL USER NAMES AND PASSWORDS VIA SNMP	Trust: 0.6
db:	BUGTRAQ	id:	20020419 RE: NORTEL CVX 1800S WILL DUMP ALL LOCAL USER NAMES AND PASSWORDS VIA SNMP	Trust: 0.6
db:	XF	id:	8848	Trust: 0.6
db:	EXPLOIT-DB	id:	21378	Trust: 0.1
db:	SEEBUG	id:	SSVID-75205	Trust: 0.1
db:	VULHUB	id:	VHN-4932	Trust: 0.1

sources: CERT/CC: VU#403315 // VULHUB: VHN-4932 // BID: 4507 // CNNVD: CNNVD-200207-060 // NVD: CVE-2002-0540

REFERENCES

url:	http://online.securityfocus.com/archive/1/267627	Trust: 2.5
url:	http://www.securityfocus.com/bid/4507	Trust: 2.5
url:	http://www.iss.net/security_center/static/8848.php	Trust: 2.5
url:	http://archives.neohapsis.com/archives/bugtraq/2002-04/0272.html	Trust: 1.7
url:	http://www.kb.cert.org/vuls/id/403315	Trust: 1.7
url:	http://www.nortelnetworks.com/products/01/cvx/cvx_1800/	Trust: 0.3
url:	http://www.nortelnetworks.com/corporate/technology/snpmv1.html	Trust: 0.3

sources: CERT/CC: VU#403315 // VULHUB: VHN-4932 // BID: 4507 // CNNVD: CNNVD-200207-060 // NVD: CVE-2002-0540

CREDITS

Michael Rawls※ bugtraq@shadowstorm.com

Trust: 0.6

sources: CNNVD: CNNVD-200207-060

SOURCES

db:	CERT/CC	id:	VU#403315
db:	VULHUB	id:	VHN-4932
db:	BID	id:	4507
db:	CNNVD	id:	CNNVD-200207-060
db:	NVD	id:	CVE-2002-0540

LAST UPDATE DATE

2025-04-03T22:19:26.764000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#403315	date:	2004-01-22T00:00:00
db:	VULHUB	id:	VHN-4932	date:	2008-09-05T00:00:00
db:	BID	id:	4507	date:	2009-07-11T11:56:00
db:	CNNVD	id:	CNNVD-200207-060	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2002-0540	date:	2025-04-03T01:03:51.193

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#403315	date:	2002-05-16T00:00:00
db:	VULHUB	id:	VHN-4932	date:	2002-07-03T00:00:00
db:	BID	id:	4507	date:	2002-04-15T00:00:00
db:	CNNVD	id:	CNNVD-200207-060	date:	2002-04-15T00:00:00
db:	NVD	id:	CVE-2002-0540	date:	2002-07-03T04:00:00