Sign-up

ID

VAR-201111-0142


CVE

CVE-2011-3997


TITLE

Opengear console servers vulnerable to authentication bypass

Trust: 0.8

sources: JVNDB: JVNDB-2011-000096

DESCRIPTION

Opengear console servers with firmware before 2.2.1 allow remote attackers to bypass authentication, and modify settings or access connected equipment, via unspecified vectors. Opengear console servers contains an authentication bypass vulnerability. Opengear console servers are for managing servers and network products. Opengear console servers contain an authentication bypass vulnerability. Tadayoshi Nakahira reported this vulnerability to IPA. Versions prior to Opengear Console Server 2.2.1 are vulnerable. The vulnerability stems from an unidentified error. ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Opengear Console Servers Authentication Security Bypass Vulnerability SECUNIA ADVISORY ID: SA46721 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46721/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46721 RELEASE DATE: 2011-11-04 DISCUSS ADVISORY: http://secunia.com/advisories/46721/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46721/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46721 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Opengear Console Servers, which can be exploited by malicious people to bypass certain security restrictions. SOLUTION: Update to version 2.2.1. PROVIDED AND/OR DISCOVERED BY: JVN credits Tadayoshi Nakahira. ORIGINAL ADVISORY: http://jvn.jp/en/jp/JVN71349007/index.html http://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000096.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2011-3997 // JVNDB: JVNDB-2011-000096 // BID: 50536 // VULHUB: VHN-51942 // PACKETSTORM: 106596

AFFECTED PRODUCTS

vendor:opengearmodel:console serverscope:eqversion:2.0.8

Trust: 1.6

vendor:opengearmodel:console serverscope:eqversion:2.1.0u1

Trust: 1.6

vendor:opengearmodel:console serverscope:eqversion:2.1.0

Trust: 1.6

vendor:opengearmodel:console serverscope:eqversion:2.0.4u1

Trust: 1.6

vendor:opengearmodel:console serverscope:eqversion:2.0.4

Trust: 1.6

vendor:opengearmodel:console serverscope:eqversion:2.0.9

Trust: 1.6

vendor:opengearmodel:console serverscope:eqversion:2.0.6

Trust: 1.6

vendor:opengearmodel:im4004-5 console serverscope:eqversion:*

Trust: 1.0

vendor:opengearmodel:cm4000 console serverscope:eqversion:*

Trust: 1.0

vendor:opengearmodel:kcs6000 rackside console serverscope:eqversion:*

Trust: 1.0

vendor:opengearmodel:im4200 console serverscope:eqversion:*

Trust: 1.0

vendor:opengearmodel:img4000 console serverscope:eqversion:*

Trust: 1.0

vendor:opengearmodel:console serverscope:lteversion:2.1.0u7

Trust: 1.0

vendor:opengearmodel:acm5000 console serverscope:eqversion:*

Trust: 1.0

vendor:opengearmodel:console serverscope:eqversion:prior to 2.2.1

Trust: 0.8

vendor:opengearmodel:console serverscope:eqversion:2.1.0u7

Trust: 0.6

vendor:opengearmodel:console serverscope:eqversion:0

Trust: 0.3

vendor:opengearmodel:console serverscope:neversion:2.2.1

Trust: 0.3

sources: BID: 50536 // JVNDB: JVNDB-2011-000096 // CNNVD: CNNVD-201111-146 // NVD: CVE-2011-3997

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-3997
value: HIGH

Trust: 1.0

IPA: JVNDB-2011-000096
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201111-146
value: HIGH

Trust: 0.6

VULHUB: VHN-51942
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2011-3997
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

IPA: JVNDB-2011-000096
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-51942
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-51942 // JVNDB: JVNDB-2011-000096 // CNNVD: CNNVD-201111-146 // NVD: CVE-2011-3997

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-51942 // JVNDB: JVNDB-2011-000096 // NVD: CVE-2011-3997

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201111-146

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201111-146

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2011-000096

PATCH
title:Opengear Console Serversurl:http://opengear.com/products_console_servers.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2011-000096

EXTERNAL IDS
db:JVNid:JVN71349007
Trust: 2.9
db:JVNDBid:JVNDB-2011-000096
Trust: 2.9
db:NVDid:CVE-2011-3997
Trust: 2.8
db:SECUNIAid:46721
Trust: 0.9
db:JVNid:JVN#71349007
Trust: 0.6
db:CNNVDid:CNNVD-201111-146
Trust: 0.6
db:BIDid:50536
Trust: 0.3
db:VULHUBid:VHN-51942
Trust: 0.1
db:PACKETSTORMid:106596
Trust: 0.1
sources:
            
            
            VULHUB: VHN-51942 // 
            
            
            
            BID: 50536 // 
            
            
            
            JVNDB: JVNDB-2011-000096 // 
            
            
            
            PACKETSTORM: 106596 // 
            
            
            
            CNNVD: CNNVD-201111-146 // 
            
            
            
            NVD: CVE-2011-3997

REFERENCES
url:http://jvn.jp/en/jp/jvn71349007/index.html
Trust: 2.9
url:http://jvndb.jvn.jp/jvndb/jvndb-2011-000096
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3997
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3997
Trust: 0.8
url:http://secunia.com/advisories/46721
Trust: 0.6
url:http://jvndb.jvn.jp/en/contents/2011/jvndb-2011-000096.html
Trust: 0.4
url:http://opengear.com/products_console_servers.html
Trust: 0.3
url:http://secunia.com/vulnerability_intelligence/
Trust: 0.1
url:http://secunia.com/advisories/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
Trust: 0.1
url:https://ca.secunia.com/?page=viewadvisory&vuln_id=46721
Trust: 0.1
url:http://secunia.com/vulnerability_scanning/personal/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/products/corporate/vim/ovum_2011_request/
Trust: 0.1
url:http://secunia.com/advisories/46721/
Trust: 0.1
url:http://secunia.com/advisories/46721/#comments
Trust: 0.1
url:http://secunia.com/advisories/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-51942 // 
            
            
            
            BID: 50536 // 
            
            
            
            JVNDB: JVNDB-2011-000096 // 
            
            
            
            PACKETSTORM: 106596 // 
            
            
            
            CNNVD: CNNVD-201111-146 // 
            
            
            
            NVD: CVE-2011-3997

CREDITS
Tadayoshi Nakahira
Trust: 0.3
sources:
            
            
            BID: 50536

SOURCES
db:VULHUBid:VHN-51942
db:BIDid:50536
db:JVNDBid:JVNDB-2011-000096
db:PACKETSTORMid:106596
db:CNNVDid:CNNVD-201111-146
db:NVDid:CVE-2011-3997

LAST UPDATE DATE
2025-04-11T23:08:53.242000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-51942date:2011-11-16T00:00:00
db:BIDid:50536date:2015-03-19T07:35:00
db:JVNDBid:JVNDB-2011-000096date:2011-11-04T00:00:00
db:CNNVDid:CNNVD-201111-146date:2011-11-14T00:00:00
db:NVDid:CVE-2011-3997date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:VULHUBid:VHN-51942date:2011-11-09T00:00:00
db:BIDid:50536date:2011-11-04T00:00:00
db:JVNDBid:JVNDB-2011-000096date:2011-11-04T00:00:00
db:PACKETSTORMid:106596date:2011-11-04T01:06:30
db:CNNVDid:CNNVD-201111-146date:2011-11-08T00:00:00
db:NVDid:CVE-2011-3997date:2011-11-09T20:55:01.587