Vulnerability Name:

CVE-2000-0147 (CCN-1438)

Assigned:1998-11-17
Published:1998-11-17
Updated:2008-09-05
Summary:snmpd in SCO OpenServer has an SNMP community string that is writable by default, which allows local attackers to modify the host's configuration.
CVSS v3 Severity:4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-Other
Vulnerability Consequences:Denial of Service
References:Source: SCO
Type: Patch, Vendor Advisory
SB-00.04a

Source: NAI
Type: Patch, Vendor Advisory
20000207 SNMPD default writable community string

Source: MITRE
Type: CNA
CVE-2000-0147

Source: MITRE
Type: CNA
CVE-2000-0379

Source: MITRE
Type: CNA
CVE-2000-0515

Source: MITRE
Type: CNA
CVE-2001-0046

Source: MITRE
Type: CNA
CVE-2001-0380

Source: MITRE
Type: CNA
CVE-2001-1210

Source: MITRE
Type: CNA
CVE-2002-0478

Source: MITRE
Type: CNA
CVE-2002-0540

Source: MITRE
Type: CNA
CVE-2002-0812

Source: CCN
Type: US-CERT VU#403315
Nortel Networks CVX 1800 discloses privileged information

Source: CCN
Type: BID-1177
Netopia DSL Router Vulnerability

Source: CCN
Type: BID-1327
HP SNMPD File Permission Vulnerabilities

Source: CCN
Type: BID-2066
Microsoft Windows NT 4.0 / 2000 SNMP Registry Key Modification Vulnerability

Source: CCN
Type: BID-3758
Cisco Cable Access Router MIB Community Default Passwords Vulnerability

Source: CCN
Type: BID-4330
Foundry Networks EdgeIron SNMP Community String Read-Write Vulnerability

Source: CCN
Type: BID-4331
ISS RealSecure for Nokia IDS Devices Default KeyAdministrator Entry Vulnerability

Source: CCN
Type: BID-4507
Nortel CVX 1800 Multi-Service Access Switch Default SNMP Community Vulnerability

Source: CCN
Type: BID-5436
Orinoco OEM Residential Gateway SNMP Community String Remote Configuration Vulnerability

Source: BID
Type: UNKNOWN
973

Source: CCN
Type: BID-973
SCO OpenServer SNMPD Default Community Vulnerability

Source: XF
Type: UNKNOWN
snmp-kill-interface(1438)

Vulnerable Configuration:Configuration 1:
  • cpe:/o:sco:openserver:5.0.5:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/o:ibm:aix:*:*:*:*:*:*:*:*
  • OR cpe:/o:windriver:bsdos:*:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:*:*:*:*:*:*:*:*
  • OR cpe:/o:sgi:irix:*:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:*:*:*:*:*:*:*:*
  • OR cpe:/o:sun:solaris:*:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:os2:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_95:*:*:*:*:*:*:*:*
  • OR cpe:/a:data_general:dg_ux:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_98:*:*:*:*:*:*:*:*
  • OR cpe:/a:novell:netware:*:*:*:*:*:*:*:*
  • OR cpe:/o:sco:unix:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_98se:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:*:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_me:*:*:*:*:*:*:*:*
  • OR cpe:/o:compaq:tru64:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:xp:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:2003_server:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2000-0147 (CCN-4274)

    Assigned:2000-02-08
    Published:2000-02-08
    Updated:2000-02-08
    Summary:The default configuration of SCO OpenServer could allow local users read/write access to SNMPD provided information using a default writable community string.
    CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): None
    Integrity (I): Low
    Availibility (A): None
    CVSS v2 Severity:2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N)
    Exploitability Metrics:Access Vector (AV): Local
    Access Complexity (AC): Low
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): None
    Integrity (I): Partial
    Availibility (A): None
    5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Athentication (Au): None
    Impact Metrics:Confidentiality (C): None
    Integrity (I): Partial
    Availibility (A): None
    Vulnerability Consequences:Other
    References:Source: MITRE
    Type: CNA
    CVE-2000-0147

    Source: CCN
    Type: Network Associates, Inc. COVERT Labs Security Advisory #36, February 7, 2000
    SNMPD default writable community string

    Source: CCN
    Type: BID-973
    SCO OpenServer SNMPD Default Community Vulnerability

    Source: XF
    Type: UNKNOWN
    sco-openserver-snmpd(4274)

    Vulnerable Configuration:Configuration CCN 1:
  • cpe:/o:sco:openserver:5.0.5:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    BACK
    sco openserver 5.0.5
    ibm aix *
    windriver bsdos *
    hp hp-ux *
    sgi irix *
    linux linux kernel *
    sun solaris *
    ibm os2 *
    microsoft windows 95 *
    data_general dg ux *
    microsoft windows nt 4.0
    microsoft windows 98 *
    novell netware *
    sco unix *
    microsoft windows 98se *
    microsoft windows 2000 *
    cisco ios *
    microsoft windows me *
    compaq tru64 *
    microsoft windows xp
    apple mac os *
    microsoft windows 2003_server
    sco openserver 5.0.5