Sign-up

ID

VAR-200304-0040


CVE

CVE-2002-1501


TITLE

Enterasys SSR8000 SmartSwitch Port Scanning Remote Denial of Service Attack Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200304-044

DESCRIPTION

The MPS functionality in Enterasys SSR8000 (Smart Switch Router) before firmware 8.3.0.10 allows remote attackers to cause a denial of service (crash) via multiple port scans to ports 15077 and 15078. The SSR8000 is a SmartSwitch distributed and maintained by Enterasys. It has been discovered that SSR8000 switches react unpredictably when portscanned. When these switches are scanned using specific types of TCP traffic, and scanned on certain ports, the switch becomes unstable. It has been reported that this can be reproduced consistently to cause the switch to crash. Remote attackers can exploit this vulnerability to carry out denial of service attacks. The SSR8000 switch monitors TCP ports 15077 and 15078 in order to process the MPS code of ATM

Trust: 1.26

sources: NVD: CVE-2002-1501 // BID: 5703 // VULHUB: VHN-5886

AFFECTED PRODUCTS

vendor:enterasysmodel:smartswitch ssr8000scope:eqversion:e8.3.0.4

Trust: 1.6

vendor:enterasysmodel:smartswitch ssr8000scope:eqversion:e8.2.0.0

Trust: 1.6

vendor:enterasysmodel:smartswitch ssr8000 e8.3.0.4scope: - version: -

Trust: 0.3

vendor:enterasysmodel:smartswitch ssr8000 e8.2.0.0scope: - version: -

Trust: 0.3

sources: BID: 5703 // CNNVD: CNNVD-200304-044 // NVD: CVE-2002-1501

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2002-1501
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200304-044
value: MEDIUM

Trust: 0.6

VULHUB: VHN-5886
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2002-1501
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-5886
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-5886 // CNNVD: CNNVD-200304-044 // NVD: CVE-2002-1501

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-1501

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200304-044

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200304-044

EXPLOIT AVAILABILITY

sources:
            
            
            VULHUB: VHN-5886

EXTERNAL IDS
db:NVDid:CVE-2002-1501
Trust: 2.0
db:BIDid:5703
Trust: 2.0
db:CNNVDid:CNNVD-200304-044
Trust: 0.7
db:XFid:10096
Trust: 0.6
db:BUGTRAQid:20020913 SCAN AGAINST ENTERASYS SSR8000 CRASH THE SYSTEM
Trust: 0.6
db:SEEBUGid:SSVID-75612
Trust: 0.1
db:EXPLOIT-DBid:21791
Trust: 0.1
db:VULHUBid:VHN-5886
Trust: 0.1
sources:
            
            
            VULHUB: VHN-5886 // 
            
            
            
            BID: 5703 // 
            
            
            
            CNNVD: CNNVD-200304-044 // 
            
            
            
            NVD: CVE-2002-1501

REFERENCES
url:http://www.enterasys.com/support/techtips/tk0659-9.html
Trust: 2.0
url:http://www.securityfocus.com/bid/5703
Trust: 1.7
url:http://archives.neohapsis.com/archives/bugtraq/2002-09/0141.html
Trust: 1.7
url:http://www.iss.net/security_center/static/10096.php
Trust: 1.7
sources:
            
            
            VULHUB: VHN-5886 // 
            
            
            
            BID: 5703 // 
            
            
            
            CNNVD: CNNVD-200304-044 // 
            
            
            
            NVD: CVE-2002-1501

CREDITS
Mella Marco※ m.mella@saritel.it
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200304-044

SOURCES
db:VULHUBid:VHN-5886
db:BIDid:5703
db:CNNVDid:CNNVD-200304-044
db:NVDid:CVE-2002-1501

LAST UPDATE DATE
2025-04-03T22:36:22.049000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-5886date:2008-09-05T00:00:00
db:BIDid:5703date:2009-07-11T17:06:00
db:CNNVDid:CNNVD-200304-044date:2005-05-13T00:00:00
db:NVDid:CVE-2002-1501date:2025-04-03T01:03:51.193

SOURCES RELEASE DATE
db:VULHUBid:VHN-5886date:2003-04-02T00:00:00
db:BIDid:5703date:2002-09-13T00:00:00
db:CNNVDid:CNNVD-200304-044date:2002-09-13T00:00:00
db:NVDid:CVE-2002-1501date:2003-04-02T05:00:00