VAR-200304-0040
Vulnerability from variot - Updated: 2025-04-03 22:36The MPS functionality in Enterasys SSR8000 (Smart Switch Router) before firmware 8.3.0.10 allows remote attackers to cause a denial of service (crash) via multiple port scans to ports 15077 and 15078. The SSR8000 is a SmartSwitch distributed and maintained by Enterasys. It has been discovered that SSR8000 switches react unpredictably when portscanned. When these switches are scanned using specific types of TCP traffic, and scanned on certain ports, the switch becomes unstable. It has been reported that this can be reproduced consistently to cause the switch to crash. Remote attackers can exploit this vulnerability to carry out denial of service attacks. The SSR8000 switch monitors TCP ports 15077 and 15078 in order to process the MPS code of ATM
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200304-0040",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "smartswitch ssr8000",
"scope": "eq",
"trust": 1.6,
"vendor": "enterasys",
"version": "e8.3.0.4"
},
{
"model": "smartswitch ssr8000",
"scope": "eq",
"trust": 1.6,
"vendor": "enterasys",
"version": "e8.2.0.0"
},
{
"model": "smartswitch ssr8000 e8.3.0.4",
"scope": null,
"trust": 0.3,
"vendor": "enterasys",
"version": null
},
{
"model": "smartswitch ssr8000 e8.2.0.0",
"scope": null,
"trust": 0.3,
"vendor": "enterasys",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "5703"
},
{
"db": "CNNVD",
"id": "CNNVD-200304-044"
},
{
"db": "NVD",
"id": "CVE-2002-1501"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mella Marco\u203b m.mella@saritel.it",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200304-044"
}
],
"trust": 0.6
},
"cve": "CVE-2002-1501",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2002-1501",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-5886",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2002-1501",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200304-044",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-5886",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5886"
},
{
"db": "CNNVD",
"id": "CNNVD-200304-044"
},
{
"db": "NVD",
"id": "CVE-2002-1501"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The MPS functionality in Enterasys SSR8000 (Smart Switch Router) before firmware 8.3.0.10 allows remote attackers to cause a denial of service (crash) via multiple port scans to ports 15077 and 15078. The SSR8000 is a SmartSwitch distributed and maintained by Enterasys. \nIt has been discovered that SSR8000 switches react unpredictably when portscanned. When these switches are scanned using specific types of TCP traffic, and scanned on certain ports, the switch becomes unstable. It has been reported that this can be reproduced consistently to cause the switch to crash. Remote attackers can exploit this vulnerability to carry out denial of service attacks. The SSR8000 switch monitors TCP ports 15077 and 15078 in order to process the MPS code of ATM",
"sources": [
{
"db": "NVD",
"id": "CVE-2002-1501"
},
{
"db": "BID",
"id": "5703"
},
{
"db": "VULHUB",
"id": "VHN-5886"
}
],
"trust": 1.26
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-5886",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5886"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2002-1501",
"trust": 2.0
},
{
"db": "BID",
"id": "5703",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-200304-044",
"trust": 0.7
},
{
"db": "XF",
"id": "10096",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20020913 SCAN AGAINST ENTERASYS SSR8000 CRASH THE SYSTEM",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-75612",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "21791",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-5886",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5886"
},
{
"db": "BID",
"id": "5703"
},
{
"db": "CNNVD",
"id": "CNNVD-200304-044"
},
{
"db": "NVD",
"id": "CVE-2002-1501"
}
]
},
"id": "VAR-200304-0040",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-5886"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-03T22:36:22.049000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-1501"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.enterasys.com/support/techtips/tk0659-9.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/5703"
},
{
"trust": 1.7,
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0141.html"
},
{
"trust": 1.7,
"url": "http://www.iss.net/security_center/static/10096.php"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5886"
},
{
"db": "BID",
"id": "5703"
},
{
"db": "CNNVD",
"id": "CNNVD-200304-044"
},
{
"db": "NVD",
"id": "CVE-2002-1501"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-5886"
},
{
"db": "BID",
"id": "5703"
},
{
"db": "CNNVD",
"id": "CNNVD-200304-044"
},
{
"db": "NVD",
"id": "CVE-2002-1501"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2003-04-02T00:00:00",
"db": "VULHUB",
"id": "VHN-5886"
},
{
"date": "2002-09-13T00:00:00",
"db": "BID",
"id": "5703"
},
{
"date": "2002-09-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200304-044"
},
{
"date": "2003-04-02T05:00:00",
"db": "NVD",
"id": "CVE-2002-1501"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-09-05T00:00:00",
"db": "VULHUB",
"id": "VHN-5886"
},
{
"date": "2009-07-11T17:06:00",
"db": "BID",
"id": "5703"
},
{
"date": "2005-05-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200304-044"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2002-1501"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200304-044"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Enterasys SSR8000 SmartSwitch Port Scanning Remote Denial of Service Attack Vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200304-044"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200304-044"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…