CVE-2002-0480

ISS RealSecure for Nokia devices before IPSO build 6.0.2001.141d is configured to allow a user "skank" on a machine "starscream" to become a key manager when the "first time connection" feature is enabled and before any legitimate administrators have connected, which could allow remote attackers to gain access to the device during installation.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.securityfocus.com/bid/4331
http://marc.info/?l=bugtraq&m=101666833321138&w=2
http://marc.info/?l=bugtraq&m=101684141308876&w=2
http://marc.info/?l=bugtraq&m=101675086010051&w=2

Configurations

Configuration 1 (hide)

cpe:2.3:a:iss:realsecure_nokia:6.0:*:*:*:*:*:*:*

Information

Published : 2002-08-11 21:00

Updated : 2016-10-17 19:20

NVD link : CVE-2002-0480

Mitre link : CVE-2002-0480

JSON object : View

CWE

NVD-CWE-Other

Products Affected

iss

realsecure_nokia

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/bid/4331", "name": "4331", "tags": [], "refsource": "BID"}, {"url": "http://marc.info/?l=bugtraq&m=101666833321138&w=2", "name": "20020320 NMRC Advisory - KeyManager Issue in ISS RealSecure on Nokia Appliances", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://marc.info/?l=bugtraq&m=101684141308876&w=2", "name": "20020322 RE: NMRC Advisory: RealSecure KeyManager Issue - Further Explanation", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://marc.info/?l=bugtraq&m=101675086010051&w=2", "name": "20020321 RE: [VulnWatch] NMRC Advisory - KeyManager Issue in ISS RealSecure on Nokia Appliances", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "ISS RealSecure for Nokia devices before IPSO build 6.0.2001.141d is configured to allow a user \"skank\" on a machine \"starscream\" to become a key manager when the \"first time connection\" feature is enabled and before any legitimate administrators have connected, which could allow remote attackers to gain access to the device during installation."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2002-0480", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2002-08-12T04:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:iss:realsecure_nokia:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2016-10-18T02:20Z"}

10.0 /10