Vulnerability Name:

CVE-2002-2300 (CCN-10739)

Assigned:2002-12-02
Published:2002-12-02
Updated:2017-07-29
Summary:Buffer overflow in ftpd 5.4 in 3Com NBX 4.0.17 or ftpd 5.4.2 in 3Com NBX 4.1.4 allows remote attackers to cause a denial of service (crash) via a long CEL command.
CVSS v3 Severity:6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
6.4 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P)
4.7 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-119
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2002-2300

Source: BUGTRAQ
Type: UNKNOWN
20021202 [VU#317417] Denial of Service condition in vxworks ftpd/3com nbx

Source: CCN
Type: BugTraq Mailing List, 2002-12-02 18:04:31
[VU#317417] Denial of Service condition in vxworks ftpd/3com nbx

Source: BUGTRAQ
Type: UNKNOWN
20030427 3com NBX IP Phone Call manager Denial of Service - Update

Source: CCN
Type: SECTRACK ID: 1005732
3Com SuperStack 3 NBX and NBX 100 Telephony Systems Can Be Crashed By Remote Users Sending FTP Commands

Source: SECTRACK
Type: UNKNOWN
1005732

Source: SECTRACK
Type: UNKNOWN
1006760

Source: CERT-VN
Type: US Government Resource
VU#317417

Source: CCN
Type: OSVDB ID: 13576
3Com NBX ftpd CEL Command Remote Overflow

Source: MISC
Type: Exploit
http://www.secnap.com/alerts.php?pg=6

Source: CCN
Type: SECNAP Network Security, LLC Web site
3com NBX IP phone system Denial of Service Attack

Source: BID
Type: Exploit
6297

Source: CCN
Type: BID-6297
3Com SuperStack 3 NBX FTPD Denial of Service Vulnerability

Source: XF
Type: UNKNOWN
3com-nbx-cel-bo(10739)

Source: XF
Type: UNKNOWN
3com-nbx-cel-bo(10739)

Vulnerable Configuration:Configuration 1:
  • cpe:/h:3com:webbngss3nbxnts:4.0.17:*:*:*:*:*:*:*
  • OR cpe:/h:3com:webbngss3nbxnts:4.1.4:*:*:*:*:*:*:*
  • OR cpe:/h:3com:webbngss3nbxnts:4.1.21:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/h:3com:webbngss3nbxnts:4.1.21:*:*:*:*:*:*:*
  • OR cpe:/h:3com:webbngss3nbxnts:4.0.17:*:*:*:*:*:*:*
  • OR cpe:/h:3com:webbngss3nbxnts:4.1.4:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    BACK
    3com webbngss3nbxnts 4.0.17
    3com webbngss3nbxnts 4.1.4
    3com webbngss3nbxnts 4.1.21
    3com webbngss3nbxnts 4.1.21
    3com webbngss3nbxnts 4.0.17
    3com webbngss3nbxnts 4.1.4