CVE-1999-1420
CVSS10.0
发布时间 :1998-07-20 00:00:00
修订时间 :2016-10-17 22:04:18
NMCOS    

[原文]NBase switches NH2012, NH2012R, NH2015, and NH2048 have a back door password that cannot be disabled, which allows remote attackers to modify the switch's configuration.


[CNNVD]N-Base交换机漏洞(CNNVD-199807-025)

        NBase 交换机 NH2012、NH2012R、NH2015以及NH2048有一个不可关闭的非法途径密码,远程攻击者借此修改交换机的配置。

- CVSS (基础分值)

CVSS分值: 10 [严重(HIGH)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

cpe:/h:n-base:nh2012:2.53
cpe:/h:n-base:nh2012r:2.53
cpe:/h:n-base:nh2048:1.33
cpe:/h:n-base:nh3012:2.1
cpe:/h:n-base:nh2015:2.51

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1420
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-1420
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-199807-025
(官方数据源) CNNVD

- 其它链接及资源

http://marc.info/?l=bugtraq&m=90221104526016&w=2
(UNKNOWN)  BUGTRAQ  19980720 N-Base Vulnerability Advisory
http://marc.info/?l=bugtraq&m=90221104526065&w=2
(UNKNOWN)  BUGTRAQ  19980722 N-Base Vulnerability Advisory Followup
http://www.securityfocus.com/bid/212
(UNKNOWN)  BID  212

- 漏洞信息

N-Base交换机漏洞
危急 其他
1998-07-20 00:00:00 2005-10-20 00:00:00
远程  
        NBase 交换机 NH2012、NH2012R、NH2015以及NH2048有一个不可关闭的非法途径密码,远程攻击者借此修改交换机的配置。

- 公告与补丁

        Upgrading to a newer software revision is the only effective way to solve these security problems. Updated software is available from
        http://www.nbase.com. A post was sent to the Bugtraq mailing list by Geoff Cummins detailing the additional security features found in the updated software. They are as follows.
        set-full-sec enable (this disables the backdoor passwords)
        set-sw-file XXX (where XXX is the name you want to call your SNMP software update file)
        set-par-file XXX (where XXX is the name you want to call your parameters file)
        set-passwd (this will display a prompt to enter a new password)
        set-comm read XXX (where XXX is the new read community)
        set-comm write XXX (where XXX is the new write community)
        These steps should secure the mentioned MegaSwitch II configurations.
        For GigaFrame Switch NH3012 2.1
        set-full-sec enabled
        set-sw-file XXX
        set-par-file XXX
        set-comm read XXX
        set-comm write XXX
        set-passwd
        del-user user (By default there are two users "super", and "user". "super" has supervisor priveldges, "user" is just a default. To secure the system, you should delete the "user" account.)

- 漏洞信息

7967
NBase Switches Back Door Password
Local Access Required Other
Loss of Integrity
Exploit Public

- 漏洞描述

Unknown or Incomplete

- 时间线

2001-08-31 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

N-Base Switch Vulnerability
Access Validation Error 212
Yes No
1998-07-20 12:00:00 2009-07-11 12:16:00
These vulnerabilities were posted to the Bugtraq mailing list on July 20, 1998 by TTSG <ttsg@TTSG.COM> in a detailed advisory. A followup was posted on July 20, 1998 by Geoff Cummins <geoff@NBASE.COM>.

- 受影响的程序版本

N-Base NH3012 2.1
N-Base NH2048 1.33
N-Base NH2015 2.51
N-Base NH2012R 2.53
N-Base NH2012 2.53
N-Base NH3012 2.2
N-Base NH2048 1.34
N-Base NH2015 2.52
N-Base NH2012R 2.54
N-Base NH2012 2.54

- 不受影响的程序版本

N-Base NH3012 2.2
N-Base NH2048 1.34
N-Base NH2015 2.52
N-Base NH2012R 2.54
N-Base NH2012 2.54

- 漏洞讨论

A number of vulnerabilities exist in switches produced by N-Base Communications. These vulnerabilities allow any user who can access the switch via the console port or the network to modify and alter the configuration of these switches, as well as upload arbitrary code images to these switches.

N-Base switches all contain a "backdoor" password, in order to allow users who forget their password to access the switch. This backdoor in effect eliminates all security on these switches. By entering any legitimate user name, with the password of "forgot" or "debug", the user will have the full privelege of the account being used. The debug account further allows for the modification of machine registers, which can be used to easily deny any traffic from passing through the switch.

In addition, these switches have a TFTP server built in to them that allow arbitrary hosts to upload images to them. Any attacker who accesses the switch can enable this tftp server, and use it to overwrite the running image. This could easily cause the switch to cease functioning.

- 漏洞利用

Any legitimate account can be accessed by using a password of 'debug' or 'forgot'. The default accounts on these switches are 'super' and 'user'

- 解决方案

Upgrading to a newer software revision is the only effective way to solve these security problems. Updated software is available from http://www.nbase.com. A post was sent to the Bugtraq mailing list by Geoff Cummins <geoff@NBASE.com> detailing the additional security features found in the updated software. They are as follows.

set-full-sec enable (this disables the backdoor passwords)

set-sw-file XXX (where XXX is the name you want to call your SNMP software update file)

set-par-file XXX (where XXX is the name you want to call your parameters file)

set-passwd <return> (this will display a prompt to enter a new password)

set-comm read XXX (where XXX is the new read community)

set-comm write XXX (where XXX is the new write community)

These steps should secure the mentioned MegaSwitch II configurations.

For GigaFrame Switch NH3012 2.1

set-full-sec enabled

set-sw-file XXX

set-par-file XXX

set-comm read XXX

set-comm write XXX

set-passwd <return>

del-user user (By default there are two users "super", and "user". "super" has supervisor priveldges, "user" is just a default. To secure the system, you should delete the "user" account.)

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站