CVE-1999-1297

cmdtool in OpenWindows 3.0 and XView 3.0 in SunOS 4.1.4 and earlier allows attackers with physical access to the system to display unechoed characters (such as those from password prompts) via the L2/AGAIN key.

CVSS v2.0 2.1 LOW

2.1^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fpatches%2F100452&zone_32=10045%2A%20	Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/7482
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fpatches%2F100452&zone_32=10045%2A%20	Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/7482

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:sun:sunos:-:::::::*
	cpe:2.3:o:sun:sunos:4.1:::::::*
	cpe:2.3:o:sun:sunos:4.1.1:::::::*
	cpe:2.3:o:sun:sunos:4.1.2:::::::*
	cpe:2.3:o:sun:sunos:4.1.3:::::::*
	cpe:2.3:o:sun:sunos:4.1.4:::::::*

History

20 Nov 2024, 23:30

Type	Values Removed	Values Added
References	~~() http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fpatches%2F100452&zone_32=10045%2A%20 - Patch~~	() http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fpatches%2F100452&zone_32=10045%2A%20 - Patch
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/7482 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/7482 -

Information

Published : 1998-07-15 04:00

Updated : 2025-04-03 01:03

NVD link : CVE-1999-1297

Mitre link : CVE-1999-1297

CVE.ORG link : CVE-1999-1297

JSON object : View

Products Affected

sun

sunos

CWE

NVD-CWE-Other

{"id": "CVE-1999-1297", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "1998-07-15T04:00:00.000", "references": [{"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fpatches%2F100452&zone_32=10045%2A%20", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7482", "source": "cve@mitre.org"}, {"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fpatches%2F100452&zone_32=10045%2A%20", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7482", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "cmdtool in OpenWindows 3.0 and XView 3.0 in SunOS 4.1.4 and earlier allows attackers with physical access to the system to display unechoed characters (such as those from password prompts) via the L2/AGAIN key."}], "lastModified": "2025-04-03T01:03:51.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "369207B4-96FA-4324-9445-98FAE8ECF5DB"}, {"criteria": "cpe:2.3:o:sun:sunos:4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B5955AC0-3036-4943-B6BD-52DD3E039089"}, {"criteria": "cpe:2.3:o:sun:sunos:4.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "92B19A06-832D-4974-9D08-2CE787228592"}, {"criteria": "cpe:2.3:o:sun:sunos:4.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E3A07C67-66FB-4ECF-BECB-C2BE72A80F3B"}, {"criteria": "cpe:2.3:o:sun:sunos:4.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "615FA6E4-4DE0-422A-9220-F747D95192C9"}, {"criteria": "cpe:2.3:o:sun:sunos:4.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1070749A-65E9-439A-A7CC-3CE529A5D5E7"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

2.1 /10