CVE-2001-1037 - Cisco SN 5420 Storage Router 1.1(3) and earlier allows local users to access a developer's shell wit

CVE-2001-1037

Summary

Cisco SN 5420 Storage Router 1.1(3) and earlier allows local users to access a developer's shell without a password and execute certain restricted commands without being logged.

References

http://www.cisco.com/warp/public/707/SN-kernel-pub.html
http://www.osvdb.org/1917
http://www.securityfocus.com/bid/3131
https://exchange.xforce.ibmcloud.com/vulnerabilities/6827

Vulnerable Configurations

cpe:2.3:o:cisco:sn_5420_storage_router_firmware:1.1\(2\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:sn_5420_storage_router_firmware:1.1\(2\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:sn_5420_storage_router_firmware:1.1\(3\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:sn_5420_storage_router_firmware:1.1\(3\):*:*:*:*:*:*:*

CVSS

Base:	4.6 (as of 30-10-2018 - 16:25)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:L/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	3131
cisco	20010711 Vulnerabilities in Cisco SN 5420 Storage Routers
osvdb	1917
xf	cisco-sn-gain-access(6827)

Last major update

30-10-2018 - 16:25

Published

08-01-2001 - 05:00

Last modified

30-10-2018 - 16:25