Vulnerability Name:

CVE-2000-0384 (CCN-4440)

Assigned:2000-05-08
Published:2000-05-08
Updated:2008-09-05
Summary:NetStructure 7110 and 7180 have undocumented accounts (servnow, root, and wizard) whose passwords are easily guessable from the NetStructure's MAC address, which could allow remote attackers to gain root access.
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: Intel NetStructure Support
7140 (IB4000) / 7170 (IB7000) / 7180 (CD8000) Security Patch

Source: CONFIRM
Type: UNKNOWN
http://216.188.41.136/

Source: MITRE
Type: CNA
CVE-2000-0384

Source: L0PHT
Type: Patch, Vendor Advisory
20000508 NetStructure 7110 console backdoor

Source: L0PHT
Type: Patch, Vendor Advisory
20000508 NetStructure 7180 remote backdoor vulnerability

Source: BID
Type: Patch, Vendor Advisory
1182

Source: CCN
Type: BID-1182
NetStructure 7110 Undocumented Password Vulnerability

Source: BID
Type: Patch, Vendor Advisory
1183

Source: CCN
Type: BID-1183
NetStructure 7180 Remote Backdoor Vulnerability

Source: CCN
Type: @stake, Inc./L0pht Security Advisory 05/08/00
NetStructure 7180 remote backdoor vulnerability

Source: XF
Type: UNKNOWN
netstructure-root-compromise(4440)

Vulnerable Configuration:Configuration 1:
  • cpe:/h:intel:netstructure_7110:*:*:*:*:*:*:*:*
  • OR cpe:/h:intel:netstructure_7180:*:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/h:intel:netstructure_7180:*:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2000-0384 (CCN-4441)

    Assigned:2000-05-08
    Published:2000-05-08
    Updated:2000-05-08
    Summary:An attacker can override the administrator password and gain root access to the administration console of the NetStructure 7110, by using an undocumented shell password in "wizard" mode. The shell password is generated from the Ethernet MAC address of the device, which can be displayed at the login prompt.
    CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Changed
    Impact Metrics:Confidentiality (C): High
    Integrity (I): High
    Availibility (A): High
    CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): Complete
    Integrity (I): Complete
    Availibility (A): Complete
    10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Athentication (Au): None
    Impact Metrics:Confidentiality (C): Complete
    Integrity (I): Complete
    Availibility (A): Complete
    Vulnerability Consequences:Gain Privileges
    References:Source: CCN
    Type: Intel NetStructure Support
    7110 (CA1000) Security Patch

    Source: MITRE
    Type: CNA
    CVE-2000-0384

    Source: CCN
    Type: BID-1182
    NetStructure 7110 Undocumented Password Vulnerability

    Source: CCN
    Type: BID-1183
    NetStructure 7180 Remote Backdoor Vulnerability

    Source: CCN
    Type: @stake, Inc./L0pht Security Advisory 05/08/00
    NetStructure 7110 console backdoor

    Source: XF
    Type: UNKNOWN
    netstructure-wizard-mode(4441)

    Vulnerable Configuration:Configuration CCN 1:
  • cpe:/h:intel:netstructure_7110:*:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    BACK
    intel netstructure 7110 *
    intel netstructure 7180 *
    intel netstructure 7180 *
    intel netstructure 7110 *