Details of VAR-200212-0104

ID

VAR-200212-0104

CVE

CVE-2002-2037

TITLE

Solaris Vulnerability threat Cisco Media Gateway Controller Safety

Trust: 0.6

sources: CNNVD: CNNVD-200212-782

DESCRIPTION

The Cisco Media Gateway Controller (MGC) in (1) SC2200 7.4 and earlier, (2) VSC3000 9.1 and earlier, (3) PGW 2200 9.1 and earlier, (4) Billing and Management Server (BAMS) and (5) Voice Services Provisioning Tool (VSPT) runs on default installations of Solaris 2.6 with unnecessary services and without the latest security patches, which allows attackers to exploit known vulnerabilities. The Cisco Media Gateway Controller (MGC) product is based on Sun's Solaris operating system version 2.6. There are a number of unpatched Solaris vulnerabilities present by default in Solaris that may be exploited to compromise the device. Cisco has made patches available for MGC systems that correct the Solaris vulnerabilities

Trust: 1.26

sources: NVD: CVE-2002-2037 // BID: 3897 // VULHUB: VHN-6420

AFFECTED PRODUCTS

vendor:	cisco	model:	vsc3000	scope:	lte	version:	9.1	Trust: 1.0
vendor:	cisco	model:	pgw 2200	scope:	lte	version:	9.1	Trust: 1.0
vendor:	cisco	model:	sc2200	scope:	lte	version:	7.4	Trust: 1.0
vendor:	cisco	model:	vspt	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	bams	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	pgw 2200	scope:	eq	version:	9.1	Trust: 0.6
vendor:	cisco	model:	sc2200	scope:	eq	version:	7.4	Trust: 0.6
vendor:	cisco	model:	vspt	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	vsc3000	scope:	eq	version:	9.1	Trust: 0.6
vendor:	cisco	model:	bams	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	voice services provisioning tool	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	virtual switch controller	scope:	eq	version:	3000	Trust: 0.3
vendor:	cisco	model:	signaling controller	scope:	eq	version:	2200	Trust: 0.3
vendor:	cisco	model:	pgw2200 pstn gateway	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	billing and management server	scope:	-	version:	-	Trust: 0.3

sources: BID: 3897 // CNNVD: CNNVD-200212-782 // NVD: CVE-2002-2037

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2002-2037
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200212-782
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-6420
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2002-2037
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-6420
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-6420 // CNNVD: CNNVD-200212-782 // NVD: CVE-2002-2037

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-2037

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200212-782

TYPE

wrong environmental conditions

Trust: 0.6

sources: CNNVD: CNNVD-200212-782

EXTERNAL IDS

db:	BID	id:	3897	Trust: 2.0
db:	NVD	id:	CVE-2002-2037	Trust: 1.7
db:	CNNVD	id:	CNNVD-200212-782	Trust: 0.7
db:	XF	id:	7912	Trust: 0.6
db:	NSFOCUS	id:	2144	Trust: 0.6
db:	CISCO	id:	20020116 HARDENING OF SOLARIS OS FOR MGC	Trust: 0.6
db:	VULHUB	id:	VHN-6420	Trust: 0.1

sources: VULHUB: VHN-6420 // BID: 3897 // CNNVD: CNNVD-200212-782 // NVD: CVE-2002-2037

REFERENCES

url:	http://www.cisco.com/warp/public/707/solaris-for-mgc-pub.shtml	Trust: 2.0
url:	http://www.securityfocus.com/bid/3897	Trust: 1.7
url:	http://www.iss.net/security_center/static/7912.php	Trust: 1.7
url:	http://www.nsfocus.net/vulndb/2144	Trust: 0.6
url:	http://www.cisco.com/en/us/products/sw/voicesw/ps4625/index.html	Trust: 0.3
url:	http://www.cert.org/security-improvement/modules/m09.html	Trust: 0.3

sources: VULHUB: VHN-6420 // BID: 3897 // CNNVD: CNNVD-200212-782 // NVD: CVE-2002-2037

CREDITS

Cisco PSIRT※ psirt@cisco.com

Trust: 0.6

sources: CNNVD: CNNVD-200212-782

SOURCES

db:	VULHUB	id:	VHN-6420
db:	BID	id:	3897
db:	CNNVD	id:	CNNVD-200212-782
db:	NVD	id:	CVE-2002-2037

LAST UPDATE DATE

2025-04-03T22:38:26.394000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-6420	date:	2008-09-05T00:00:00
db:	BID	id:	3897	date:	2002-01-16T00:00:00
db:	CNNVD	id:	CNNVD-200212-782	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2002-2037	date:	2025-04-03T01:03:51.193

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-6420	date:	2002-12-31T00:00:00
db:	BID	id:	3897	date:	2002-01-16T00:00:00
db:	CNNVD	id:	CNNVD-200212-782	date:	2002-01-16T00:00:00
db:	NVD	id:	CVE-2002-2037	date:	2002-12-31T05:00:00