Details of VAR-201304-0496

ID

VAR-201304-0496

TITLE

Aastra 6753i IP Telephone Hardcoded Password Security Bypass Vulnerability

Trust: 0.9

sources: BID: 58935 // CNNVD: CNNVD-201304-118

DESCRIPTION

The Aastra 6753i IP Telephone is an IP telephony device. The Aastra 6753i IP Telephone includes a built-in \"admin\" account for telnet. Its password hashing algorithm is relatively simple. It can be easily extracted using the \"vxworks_mem_search.rb\" tool, one of which is \"[M]qozn~\", using this account. Get shell access for denial of service and other attacks. Aastra 6753i IP Telephone 3.2.2.56 version has a security bypass vulnerability. An attacker could use this vulnerability to bypass security restrictions and perform unauthorized actions

Trust: 1.35

sources: CNVD: CNVD-2013-02856 // CNNVD: CNNVD-201304-118 // BID: 58935

IOT TAXONOMY

category:

['ICS', 'Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2013-02856

AFFECTED PRODUCTS

vendor:	aastra	model:	limited aastra 6753i ip telephone	scope:	-	version:	-	Trust: 0.6
vendor:	aastra	model:	6753i	scope:	eq	version:	3.2.2.56	Trust: 0.3

sources: CNVD: CNVD-2013-02856 // BID: 58935

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2013-02856
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2013-02856
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2013-02856

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201304-118

TYPE

Design Error

Trust: 0.3

sources: BID: 58935

EXTERNAL IDS

db:	BID	id:	58935	Trust: 1.5
db:	CNVD	id:	CNVD-2013-02856	Trust: 0.6
db:	CNNVD	id:	CNNVD-201304-118	Trust: 0.6

sources: CNVD: CNVD-2013-02856 // BID: 58935 // CNNVD: CNNVD-201304-118

REFERENCES

url:	http://www.securityfocus.com/archive/1/526207	Trust: 0.6
url:	http://www.securityfocus.com/bid/58935	Trust: 0.6
url:	http://www.aastra.in/aastra-6753i.htm	Trust: 0.3
url:	/archive/1/526207	Trust: 0.3

sources: CNVD: CNVD-2013-02856 // BID: 58935 // CNNVD: CNNVD-201304-118

CREDITS

Timo Juhani Lindfors

Trust: 0.9

sources: BID: 58935 // CNNVD: CNNVD-201304-118

SOURCES

db:	CNVD	id:	CNVD-2013-02856
db:	BID	id:	58935
db:	CNNVD	id:	CNNVD-201304-118

LAST UPDATE DATE

2022-05-17T01:37:06.795000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2013-02856	date:	2013-04-10T00:00:00
db:	BID	id:	58935	date:	2013-04-05T00:00:00
db:	CNNVD	id:	CNNVD-201304-118	date:	2013-04-12T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2013-02856	date:	2013-04-10T00:00:00
db:	BID	id:	58935	date:	2013-04-05T00:00:00
db:	CNNVD	id:	CNNVD-201304-118	date:	2013-04-12T00:00:00