Details of VAR-200208-0135

ID

VAR-200208-0135

CVE

CVE-2002-0769

TITLE

Cisco ATA-186 WEB Management Interface Access Verification bypasses the vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200208-022

DESCRIPTION

The web-based configuration interface for the Cisco ATA 186 Analog Telephone Adaptor allows remote attackers to bypass authentication via an HTTP POST request with a single byte, which allows the attackers to (1) obtain the password from the login screen, or (2) reconfigure the adaptor by modifying certain request parameters. The Cisco ATA-186 Analog Telephone Adapter is a hardware device designed to interface between analog telephones and Voice over IP (VoIP). It includes support for web based configuration. Under some circumstances, it may be possible to bypass the authentication required for this web interface. This may be done with a specially formatted change password request. Exploitation allows a remote attacker to reconfigure the vulnerable device. Reportedly, HTTP requests consisting of a single character will cause the device to disclose sensitive configuration information, including the password to the administrative web interface. By viewing the source code of the configuration tool screen page, it can be seen that there are no hidden parameters used to maintain the state, so you can trust the device usage type and HTTP input to determine whether configuration is allowed: For example: if three \"ChangeUIPasswd\" parameters without any value are provided to the system, the ATA-186 will display the login screen, similarly, if all three values of \"ChangeUIPasswd\" are provided, but one of the values does not match the password stored in the device, the login screen will appear again, if all provided correctly parameters, the device considers that the user has passed the authentication and provides configuration information. Interestingly, if only two \"ChangeUIPasswd\" parameters are passed, the device can also allow the user to configure

Trust: 1.53

sources: NVD: CVE-2002-0769 // BID: 4712 // BID: 4711 // VULHUB: VHN-5160

AFFECTED PRODUCTS

vendor:	cisco	model:	ata-186	scope:	-	version:	-	Trust: 1.2
vendor:	cisco	model:	ata-186	scope:	eq	version:	*	Trust: 1.0

sources: BID: 4712 // BID: 4711 // CNNVD: CNNVD-200208-022 // NVD: CVE-2002-0769

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2002-0769
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200208-022
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-5160
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2002-0769
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-5160
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-5160 // CNNVD: CNNVD-200208-022 // NVD: CVE-2002-0769

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-0769

THREAT TYPE

network

Trust: 0.6

sources: BID: 4712 // BID: 4711

TYPE

access verification error

Trust: 0.6

sources: CNNVD: CNNVD-200208-022

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-5160

EXTERNAL IDS

db:	NVD	id:	CVE-2002-0769	Trust: 2.3
db:	BID	id:	4711	Trust: 2.0
db:	BID	id:	4712	Trust: 2.0
db:	CNNVD	id:	CNNVD-200208-022	Trust: 0.7
db:	CISCO	id:	20020523 ATA-186 PASSWORD DISCLOSURE VULNERABILITY	Trust: 0.6
db:	BUGTRAQ	id:	20020509 CISCO ATA-186 ADMIN PASSWORD CAN BE TRIVIALLY CIRCUMVENTED	Trust: 0.6
db:	XF	id:	9057	Trust: 0.6
db:	XF	id:	9056	Trust: 0.6
db:	SEEBUG	id:	SSVID-75267	Trust: 0.1
db:	EXPLOIT-DB	id:	21441	Trust: 0.1
db:	VULHUB	id:	VHN-5160	Trust: 0.1

sources: VULHUB: VHN-5160 // BID: 4712 // BID: 4711 // CNNVD: CNNVD-200208-022 // NVD: CVE-2002-0769

REFERENCES

url:	http://www.cisco.com/warp/public/707/ata186-password-disclosure.shtml	Trust: 2.0
url:	http://www.securityfocus.com/bid/4711	Trust: 1.7
url:	http://www.securityfocus.com/bid/4712	Trust: 1.7
url:	http://archives.neohapsis.com/archives/bugtraq/2002-05/0083.html	Trust: 1.7
url:	http://www.iss.net/security_center/static/9057.php	Trust: 1.7
url:	http://www.iss.net/security_center/static/9056.php	Trust: 1.7
url:	http://www.cisco.com/warp/public/cc/pd/as/180/186/	Trust: 0.6

sources: VULHUB: VHN-5160 // BID: 4712 // BID: 4711 // CNNVD: CNNVD-200208-022 // NVD: CVE-2002-0769

CREDITS

Discovered by Patrick Michael Kane <pmk-bugtraq@wealsowalkdogs.com>.

Trust: 0.6

sources: BID: 4712 // BID: 4711

SOURCES

db:	VULHUB	id:	VHN-5160
db:	BID	id:	4712
db:	BID	id:	4711
db:	CNNVD	id:	CNNVD-200208-022
db:	NVD	id:	CVE-2002-0769

LAST UPDATE DATE

2025-04-03T22:30:55.434000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-5160	date:	2008-09-05T00:00:00
db:	BID	id:	4712	date:	2009-07-11T12:46:00
db:	BID	id:	4711	date:	2009-07-11T12:46:00
db:	CNNVD	id:	CNNVD-200208-022	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2002-0769	date:	2025-04-03T01:03:51.193

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-5160	date:	2002-08-12T00:00:00
db:	BID	id:	4712	date:	2002-05-09T00:00:00
db:	BID	id:	4711	date:	2002-05-09T00:00:00
db:	CNNVD	id:	CNNVD-200208-022	date:	2002-05-09T00:00:00
db:	NVD	id:	CVE-2002-0769	date:	2002-08-12T04:00:00