Vulnerability Name:

CVE-2001-0621 (CCN-6557)

Assigned:2001-05-17
Published:2001-05-17
Updated:2017-10-10
Summary:The FTP server on Cisco Content Service 11000 series switches (CSS) before WebNS 4.01B23s and WebNS 4.10B13s allows an attacker who is an FTP user to read and write arbitrary files via GET or PUT commands.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Privileges
References:Source: MITRE
Type: CNA
CVE-2001-0621

Source: CCN
Type: CIAC Information Bulletin L-085
Cisco Content Service Switch FTP Vulnerability

Source: CIAC
Type: UNKNOWN
L-085

Source: CCN
Type: Cisco Systems Field Notice, May 17, 2001
Cisco Content Service Switch 11000 Series FTP Vulnerability

Source: CISCO
Type: Patch, Vendor Advisory
20010517 Cisco Content Service Switch 11000 Series FTP Vulnerability

Source: OSVDB
Type: UNKNOWN
1834

Source: CCN
Type: OSVDB ID: 1834
Cisco CSS FTP File Disclosure

Source: BID
Type: UNKNOWN
2745

Source: CCN
Type: BID-2745
Cisco Content Service Switch FTP Access Control Vulnerability

Source: XF
Type: UNKNOWN
cisco-css-ftp-commands(6557)

Source: XF
Type: UNKNOWN
cisco-css-ftp-commands(6557)

Vulnerable Configuration:Configuration 1:
  • cpe:/h:cisco:content_services_switch_11000:*:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/h:cisco:content_services_switch_11050:*:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:content_services_switch_11150:*:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:content_services_switch_11800:*:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    cisco content services switch 11000 *
    cisco content services switch 11050 *
    cisco content services switch 11150 *
    cisco content services switch 11800 *