Details of VAR-200212-0097

ID

VAR-200212-0097

CVE

CVE-2002-2148

TITLE

Lucent router UDP port 9 Information disclosure vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200212-584

DESCRIPTION

Lucent Ascend MAX Router 5.0 and earlier, Lucent Ascend Pipeline Router 6.0.2 and earlier and Lucent DSLTerminator allows remote attackers to obtain sensitive information such as hostname, MAC, and IP address of the Ethernet interface via a discard (UDP port 9) packet, which causes the device to leak the information in the response. Several Lucent Router product lines include support for a configuration tool which communicates over UDP on port 9. If a specially crafted packet is sent to some of these devices on UDP port 9, a response is issued which contains sensitive information. This information may be of aid in further attacks against the network or device

Trust: 1.35

sources: NVD: CVE-2002-2148 // BID: 5335 // VULHUB: VHN-6531 // VULMON: CVE-2002-2148

AFFECTED PRODUCTS

vendor:	lucent	model:	ascend pipeline router	scope:	eq	version:	5.0	Trust: 1.9
vendor:	lucent	model:	ascend pipeline router	scope:	eq	version:	4.0	Trust: 1.9
vendor:	lucent	model:	ascend pipeline router	scope:	eq	version:	3.0	Trust: 1.9
vendor:	lucent	model:	ascend pipeline router	scope:	eq	version:	2.0	Trust: 1.9
vendor:	lucent	model:	ascend pipeline router	scope:	eq	version:	1.0	Trust: 1.9
vendor:	lucent	model:	ascend max router	scope:	eq	version:	5.0	Trust: 1.9
vendor:	lucent	model:	ascend max router	scope:	eq	version:	4.0	Trust: 1.9
vendor:	lucent	model:	ascend max router	scope:	eq	version:	3.0	Trust: 1.9
vendor:	lucent	model:	ascend max router	scope:	eq	version:	2.0	Trust: 1.9
vendor:	lucent	model:	ascend max router	scope:	eq	version:	5.0_ap48	Trust: 1.6
vendor:	lucent	model:	ascend pipeline router	scope:	eq	version:	6.0.2	Trust: 1.3
vendor:	lucent	model:	ascend pipeline router	scope:	eq	version:	6.0	Trust: 1.3
vendor:	lucent	model:	dslterminator	scope:	eq	version:	*	Trust: 1.0
vendor:	lucent	model:	dslterminator	scope:	-	version:	-	Trust: 0.3
vendor:	lucent	model:	ascend max router ap48	scope:	eq	version:	5.0	Trust: 0.3
vendor:	lucent	model:	ascend max router	scope:	eq	version:	1.0	Trust: 0.3
vendor:	ascend	model:	pipeline .0a	scope:	eq	version:	5.0	Trust: 0.3
vendor:	ascend	model:	max .0ap42	scope:	eq	version:	5.0	Trust: 0.3
vendor:	lucent	model:	ascend tnt router	scope:	ne	version:	2.0.3	Trust: 0.3
vendor:	lucent	model:	ascend tnt router	scope:	ne	version:	2.0	Trust: 0.3
vendor:	lucent	model:	ascend tnt router	scope:	ne	version:	1.0	Trust: 0.3

sources: BID: 5335 // CNNVD: CNNVD-200212-584 // NVD: CVE-2002-2148

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2002-2148
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200212-584
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-6531
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2002-2148
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2002-2148
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-6531
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-6531 // VULMON: CVE-2002-2148 // CNNVD: CNNVD-200212-584 // NVD: CVE-2002-2148

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-2148

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200212-584

TYPE

Design Error

Trust: 0.9

sources: BID: 5335 // CNNVD: CNNVD-200212-584

EXTERNAL IDS

db:	BID	id:	5335	Trust: 2.1
db:	NVD	id:	CVE-2002-2148	Trust: 1.8
db:	CNNVD	id:	CNNVD-200212-584	Trust: 0.7
db:	XF	id:	9	Trust: 0.6
db:	BUGTRAQ	id:	20020727 PHENOELIT ADVISORY 0815 ++ ** ASCEND	Trust: 0.6
db:	VULHUB	id:	VHN-6531	Trust: 0.1
db:	VULMON	id:	CVE-2002-2148	Trust: 0.1

sources: VULHUB: VHN-6531 // VULMON: CVE-2002-2148 // BID: 5335 // CNNVD: CNNVD-200212-584 // NVD: CVE-2002-2148

REFERENCES

url:	http://www.securityfocus.com/bid/5335	Trust: 1.8
url:	http://online.securityfocus.com/archive/1/284650	Trust: 1.8
url:	http://www.iss.net/security_center/static/9704.php	Trust: 1.8
url:	http://www.lucent.com	Trust: 0.3
url:	http://www.phenoelit.de/stuff/lucent_ascend.txt	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-6531 // VULMON: CVE-2002-2148 // BID: 5335 // CNNVD: CNNVD-200212-584 // NVD: CVE-2002-2148

CREDITS

Published by FX

Trust: 0.6

sources: CNNVD: CNNVD-200212-584

SOURCES

db:	VULHUB	id:	VHN-6531
db:	VULMON	id:	CVE-2002-2148
db:	BID	id:	5335
db:	CNNVD	id:	CNNVD-200212-584
db:	NVD	id:	CVE-2002-2148

LAST UPDATE DATE

2025-04-03T22:13:59.689000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-6531	date:	2008-09-05T00:00:00
db:	VULMON	id:	CVE-2002-2148	date:	2008-09-05T00:00:00
db:	BID	id:	5335	date:	2002-07-27T00:00:00
db:	CNNVD	id:	CNNVD-200212-584	date:	2006-01-30T00:00:00
db:	NVD	id:	CVE-2002-2148	date:	2025-04-03T01:03:51.193

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-6531	date:	2002-12-31T00:00:00
db:	VULMON	id:	CVE-2002-2148	date:	2002-12-31T00:00:00
db:	BID	id:	5335	date:	2002-07-27T00:00:00
db:	CNNVD	id:	CNNVD-200212-584	date:	2002-12-31T00:00:00
db:	NVD	id:	CVE-2002-2148	date:	2002-12-31T05:00:00