Vulnerability Name:

CVE-2000-0784 (CCN-5093)

Assigned:2000-08-14
Published:2000-08-14
Updated:2008-09-05
Summary:sshd program in the Rapidstream 2.1 Beta VPN appliance has a hard-coded "rsadmin" account with a null password, which allows remote attackers to execute arbitrary commands via ssh.
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
References:Source: CCN
Type: BugTraq Mailing List, Mon Aug 14 2000 - 14:28:30 CDT
Remote Root Compromise On All RapidStream VPN Appliances

Source: BUGTRAQ
Type: Patch, Vendor Advisory
20000816 Remote Root Compromise On All RapidStream VPN Appliances

Source: MITRE
Type: CNA
CVE-2000-0784

Source: CCN
Type: OSVDB ID: 8037
Rapidstream VPN sshd Default Hardcoded Admin Account

Source: BID
Type: Patch, Vendor Advisory
1574

Source: CCN
Type: BID-1574
RapidStream Unauthenticated Remote Command Execution Vulnerability

Source: XF
Type: UNKNOWN
rapidstream-remote-execution(5093)

Vulnerable Configuration:Configuration 1:
  • cpe:/h:rapidstream:rapidstream:2000:*:*:*:*:*:*:*
  • OR cpe:/h:rapidstream:rapidstream:4000:*:*:*:*:*:*:*
  • OR cpe:/h:rapidstream:rapidstream:6000:*:*:*:*:*:*:*
  • OR cpe:/h:rapidstream:rapidstream:8000:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    BACK
    rapidstream rapidstream 2000
    rapidstream rapidstream 4000
    rapidstream rapidstream 6000
    rapidstream rapidstream 8000