var-200112-0223
Vulnerability from variot
Alcatel ADSL modems allow remote attackers to access the Trivial File Transfer Protocol (TFTP) to modify firmware and configuration via a bounce attack from a system on the local area network (LAN) side, which is allowed to access TFTP without authentication. The San Diego Supercomputer Center (SDSC) has recently discovered several vulnerabilities in the Alcatel Speed Touch line of Asymmetric Digital Subscriber Line (ADSL) modems. These vulnerabilities are the result of weak authentication and access control policies and result in one or more of the following impacts: unauthorized access, unauthorized monitoring, information leakage, denial of service, and permanent disability of affected devices.The SDSC has published additional information regarding these vulnerabilities at http://security.sdsc.edu/self-help/alcatel/. The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service. Due to a problem parsing carriage return/line feeds in RFC822 format mail messages, The Bat! mail client may permaturely detect the end of a mail message, causing an error to occur. This error may prevent the mail user from retrieving other mail messages until the message with the error is removed. Adsl Modem 1000 is prone to a remote security vulnerability. Submitting numerous HTTP requests with modified headers, could cause Lotus Domino to consume all available system resources. Alcatel ADSL modems are vulnerable. The vulnerability allows unauthenticated access to TFTP
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200112-0223",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "lotus",
"version": null
},
{
"model": "speed touch adsl modem",
"scope": "eq",
"trust": 1.6,
"vendor": "alcatel",
"version": "home"
},
{
"model": "adsl modem 1000",
"scope": "eq",
"trust": 1.0,
"vendor": "alcatel",
"version": "*"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "alcatel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "rit",
"version": null
},
{
"model": "adsl modem 1000",
"scope": null,
"trust": 0.6,
"vendor": "alcatel",
"version": null
},
{
"model": "speed touch adsl modem home",
"scope": null,
"trust": 0.3,
"vendor": "alcatel",
"version": null
},
{
"model": "domino",
"scope": "eq",
"trust": 0.3,
"vendor": "lotus",
"version": "5.0.6"
},
{
"model": "domino",
"scope": "eq",
"trust": 0.3,
"vendor": "lotus",
"version": "5.0.5"
},
{
"model": "domino",
"scope": "eq",
"trust": 0.3,
"vendor": "lotus",
"version": "5.0.4"
},
{
"model": "domino",
"scope": "eq",
"trust": 0.3,
"vendor": "lotus",
"version": "5.0.3"
},
{
"model": "domino",
"scope": "eq",
"trust": 0.3,
"vendor": "lotus",
"version": "5.0.2"
},
{
"model": "domino",
"scope": "eq",
"trust": 0.3,
"vendor": "lotus",
"version": "5.0.1"
},
{
"model": "domino",
"scope": "ne",
"trust": 0.3,
"vendor": "lotus",
"version": "5.0.7"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#211736"
},
{
"db": "CERT/CC",
"id": "VU#676552"
},
{
"db": "CERT/CC",
"id": "VU#601312"
},
{
"db": "CERT/CC",
"id": "VU#310816"
},
{
"db": "BID",
"id": "89747"
},
{
"db": "BID",
"id": "2565"
},
{
"db": "CNNVD",
"id": "CNNVD-200112-195"
},
{
"db": "NVD",
"id": "CVE-2001-1484"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "89747"
}
],
"trust": 0.3
},
"cve": "CVE-2001-1484",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2001-1484",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-4288",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2001-1484",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#211736",
"trust": 0.8,
"value": "27.56"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#676552",
"trust": 0.8,
"value": "10.50"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#601312",
"trust": 0.8,
"value": "9.98"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#310816",
"trust": 0.8,
"value": "1.62"
},
{
"author": "CNNVD",
"id": "CNNVD-200112-195",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-4288",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#211736"
},
{
"db": "CERT/CC",
"id": "VU#676552"
},
{
"db": "CERT/CC",
"id": "VU#601312"
},
{
"db": "CERT/CC",
"id": "VU#310816"
},
{
"db": "VULHUB",
"id": "VHN-4288"
},
{
"db": "CNNVD",
"id": "CNNVD-200112-195"
},
{
"db": "NVD",
"id": "CVE-2001-1484"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Alcatel ADSL modems allow remote attackers to access the Trivial File Transfer Protocol (TFTP) to modify firmware and configuration via a bounce attack from a system on the local area network (LAN) side, which is allowed to access TFTP without authentication. The San Diego Supercomputer Center (SDSC) has recently discovered several vulnerabilities in the Alcatel Speed Touch line of Asymmetric Digital Subscriber Line (ADSL) modems. These vulnerabilities are the result of weak authentication and access control policies and result in one or more of the following impacts: unauthorized access, unauthorized monitoring, information leakage, denial of service, and permanent disability of affected devices.The SDSC has published additional information regarding these vulnerabilities at http://security.sdsc.edu/self-help/alcatel/. The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service. Due to a problem parsing carriage return/line feeds in RFC822 format mail messages, The Bat! mail client may permaturely detect the end of a mail message, causing an error to occur. This error may prevent the mail user from retrieving other mail messages until the message with the error is removed. Adsl Modem 1000 is prone to a remote security vulnerability. \nSubmitting numerous HTTP requests with modified headers, could cause Lotus Domino to consume all available system resources. Alcatel ADSL modems are vulnerable. The vulnerability allows unauthenticated access to TFTP",
"sources": [
{
"db": "NVD",
"id": "CVE-2001-1484"
},
{
"db": "CERT/CC",
"id": "VU#211736"
},
{
"db": "CERT/CC",
"id": "VU#676552"
},
{
"db": "CERT/CC",
"id": "VU#601312"
},
{
"db": "CERT/CC",
"id": "VU#310816"
},
{
"db": "BID",
"id": "89747"
},
{
"db": "BID",
"id": "2565"
},
{
"db": "VULHUB",
"id": "VHN-4288"
}
],
"trust": 4.41
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#211736",
"trust": 2.8
},
{
"db": "NVD",
"id": "CVE-2001-1484",
"trust": 2.0
},
{
"db": "BID",
"id": "2565",
"trust": 1.1
},
{
"db": "XF",
"id": "6336",
"trust": 0.9
},
{
"db": "BID",
"id": "2571",
"trust": 0.8
},
{
"db": "XF",
"id": "6349",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "VU#676552",
"trust": 0.8
},
{
"db": "XF",
"id": "6347",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "VU#601312",
"trust": 0.8
},
{
"db": "XF",
"id": "6423",
"trust": 0.8
},
{
"db": "BID",
"id": "2636",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "VU#310816",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200112-195",
"trust": 0.7
},
{
"db": "CERT/CC",
"id": "CA-2001-08",
"trust": 0.6
},
{
"db": "BID",
"id": "89747",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-4288",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#211736"
},
{
"db": "CERT/CC",
"id": "VU#676552"
},
{
"db": "CERT/CC",
"id": "VU#601312"
},
{
"db": "CERT/CC",
"id": "VU#310816"
},
{
"db": "VULHUB",
"id": "VHN-4288"
},
{
"db": "BID",
"id": "89747"
},
{
"db": "BID",
"id": "2565"
},
{
"db": "CNNVD",
"id": "CNNVD-200112-195"
},
{
"db": "NVD",
"id": "CVE-2001-1484"
}
]
},
"id": "VAR-200112-0223",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-4288"
}
],
"trust": 0.01
},
"last_update_date": "2024-09-19T21:44:44.133000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2001-1484"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.cert.org/advisories/ca-2001-08.html"
},
{
"trust": 2.0,
"url": "http://www.kb.cert.org/vuls/id/211736"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/advisories/3208"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6336"
},
{
"trust": 0.9,
"url": "http://xforce.iss.net/xforce/xfdb/6336"
},
{
"trust": 0.8,
"url": "http://security.sdsc.edu/self-help/alcatel/"
},
{
"trust": 0.8,
"url": "http://www.alcatel.com/consumer/dsl/security.htm"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/2571"
},
{
"trust": 0.8,
"url": "http://xforce.iss.net/static/6349.php"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/2565"
},
{
"trust": 0.8,
"url": "http://xforce.iss.net/static/6347.php"
},
{
"trust": 0.8,
"url": "http://www.notes.net/r5fixlist.nsf/a8f0ffda1fc76c8985256752006aba6c?openview\u0026start=3.111\u0026count=30\u0026expand=3.126#3.126"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/2636"
},
{
"trust": 0.8,
"url": "http://www.ritlabs.com/the_bat/index.html"
},
{
"trust": 0.8,
"url": "http://www.security.nnov.ru/search/news.asp?binid=1136"
},
{
"trust": 0.8,
"url": "http://xforce.iss.net/static/6423.php"
},
{
"trust": 0.3,
"url": "http://www.lotus.com/home.nsf/welcome/domino"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#211736"
},
{
"db": "CERT/CC",
"id": "VU#676552"
},
{
"db": "CERT/CC",
"id": "VU#601312"
},
{
"db": "CERT/CC",
"id": "VU#310816"
},
{
"db": "VULHUB",
"id": "VHN-4288"
},
{
"db": "BID",
"id": "89747"
},
{
"db": "BID",
"id": "2565"
},
{
"db": "CNNVD",
"id": "CNNVD-200112-195"
},
{
"db": "NVD",
"id": "CVE-2001-1484"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#211736"
},
{
"db": "CERT/CC",
"id": "VU#676552"
},
{
"db": "CERT/CC",
"id": "VU#601312"
},
{
"db": "CERT/CC",
"id": "VU#310816"
},
{
"db": "VULHUB",
"id": "VHN-4288"
},
{
"db": "BID",
"id": "89747"
},
{
"db": "BID",
"id": "2565"
},
{
"db": "CNNVD",
"id": "CNNVD-200112-195"
},
{
"db": "NVD",
"id": "CVE-2001-1484"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2001-04-10T00:00:00",
"db": "CERT/CC",
"id": "VU#211736"
},
{
"date": "2001-07-23T00:00:00",
"db": "CERT/CC",
"id": "VU#676552"
},
{
"date": "2001-07-12T00:00:00",
"db": "CERT/CC",
"id": "VU#601312"
},
{
"date": "2001-06-01T00:00:00",
"db": "CERT/CC",
"id": "VU#310816"
},
{
"date": "2001-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-4288"
},
{
"date": "2001-12-31T00:00:00",
"db": "BID",
"id": "89747"
},
{
"date": "2001-04-11T00:00:00",
"db": "BID",
"id": "2565"
},
{
"date": "2001-12-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200112-195"
},
{
"date": "2001-12-31T05:00:00",
"db": "NVD",
"id": "CVE-2001-1484"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2001-04-11T00:00:00",
"db": "CERT/CC",
"id": "VU#211736"
},
{
"date": "2001-07-26T00:00:00",
"db": "CERT/CC",
"id": "VU#676552"
},
{
"date": "2001-07-17T00:00:00",
"db": "CERT/CC",
"id": "VU#601312"
},
{
"date": "2001-08-30T00:00:00",
"db": "CERT/CC",
"id": "VU#310816"
},
{
"date": "2017-07-11T00:00:00",
"db": "VULHUB",
"id": "VHN-4288"
},
{
"date": "2001-12-31T00:00:00",
"db": "BID",
"id": "89747"
},
{
"date": "2001-04-11T00:00:00",
"db": "BID",
"id": "2565"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200112-195"
},
{
"date": "2017-07-11T01:29:09.680000",
"db": "NVD",
"id": "CVE-2001-1484"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "89747"
},
{
"db": "BID",
"id": "2565"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Alcatel ADSL modems grant unauthenticated TFTP access via Bounce Attacks",
"sources": [
{
"db": "CERT/CC",
"id": "VU#211736"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "unknown",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200112-195"
}
],
"trust": 0.6
}
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.