CVE-2004-1320
CVSS7.5
发布时间 :2004-12-15 00:00:00
修订时间 :2016-10-17 22:53:07
NMCOS    

[原文]Asante FM2008 running firmware 1.06 is shipped with a default username and password, which could allow remote attackers to gain unauthorized access.


[CNNVD]Asante FM2008 Managed Ethernet开关的默认后门帐户漏洞(CNNVD-200412-069)

        Asante FM2008运行的固件1.06出厂时就具有默认的用户名和密码,远程攻击者利用该漏洞获取未经授权的访问权限。
        

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1320
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-1320
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200412-069
(官方数据源) CNNVD

- 其它链接及资源

http://marc.info/?l=bugtraq&m=110312733624864&w=2
(UNKNOWN)  BUGTRAQ  20041215 Asante FM2008 10/100 Ethernet switch backdoor login
http://www.securityfocus.com/bid/11947
(VENDOR_ADVISORY)  BID  11947
http://xforce.iss.net/xforce/xfdb/18521
(UNKNOWN)  XF  asante-fm2008-default-account(18521)

- 漏洞信息

Asante FM2008 Managed Ethernet开关的默认后门帐户漏洞
高危 设计错误
2004-12-15 00:00:00 2005-10-20 00:00:00
远程  
        Asante FM2008运行的固件1.06出厂时就具有默认的用户名和密码,远程攻击者利用该漏洞获取未经授权的访问权限。
        

- 公告与补丁

        Reports indicate that firmware version 1.07 resolves this issue. Please see the references for more information.

- 漏洞信息

12419
Asante FM2008 Default superuser Account

- 漏洞描述

- 时间线

2004-12-16 Unknow
Unknow Unknow

- 解决方案

Upgrade to version 1.07 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Asante FM2008 Managed Ethernet Switch Default Backdoor Account Vulnerability
Design Error 11947
Yes No
2004-12-15 12:00:00 2009-07-24 10:06:00
Joe Philipps <secfocus@joe.philipps.us> disclosed this vulnerability.

- 受影响的程序版本

Asante FM2008 Managed Ethernet Switch v01.06
Asante FM2008 Managed Ethernet Switch v01.07

- 不受影响的程序版本

Asante FM2008 Managed Ethernet Switch v01.07

- 漏洞讨论

Asante FM2008 managed Ethernet switches contain a default backdoor account vulnerability.

Attackers with network access to the telnet port of affected devices may gain administrative access by using the default credentials. Note that these credentials aren't usable in the web administration interface, but only in the telnet or serial interfaces.

Asante FM2008 v01.06 switches are vulnerable; other devices may be vulnerable as well.

- 漏洞利用

An exploit is not required.

- 解决方案

Reports indicate that firmware version 1.07 resolves this issue. Please see the references for more information.

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站